Understanding and Defending Against Macro-based Attacks

As cyberattacks increase in frequency and diversity and their consequences become more severe, businesses across all industries must adapt. Vigilance against cyberattacks requires both human awareness of the threats that loom and advanced cybersecurity software.

Since the 1990s, macro-based attacks have wreaked havoc on poorly-defended enterprise networks. Since then, the use of macro-based attacks has surged, dwindled, and then spiked again in a cycle as both cybercriminals and cyber defense professionals have advanced their strategies. Today, macro-based attacks remain a serious threat, making it essential that enterprise business owners and IT professionals understand the inner workings of these attacks.

What Does “Macro-based” Mean?

Macro malware attacks use the Visual Basic for Applications (VBA) programming language in Microsoft Office to infect their target. Typically, the malware comes in through phishing email attacks that include malicious downloads. Once the malware has access to VBA, it can infect all files that are accessed using Microsoft Office. A macro-based attack can render your files unusable and share those files with the hacker behind the attack.

Recent Macro Attacks and How to Prevent Them

As previously mentioned, macro-based attacks first started circulating in the 1990s, back when emails and software weren’t as secure, and people had less cybersecurity awareness than they do now. While they gradually faded away, macro attacks have been making a strong comeback in the last few years. The main reason for their return is the resurgence of using easily-exploitable macros in modern, everyday software like documents and spreadsheets.

Like other types of malware, macro malware is completely ineffective if it doesn’t have access to your device or data. Protecting against macro-based attacks is primarily a matter of practicing good internet hygiene. The same goes for both large businesses and individuals on the web: don’t open attachments in untrustworthy emails, don’t download files from insecure websites, and always utilize antivirus software.

Including Your Staff

Your first line of defense against any malware, especially ones as discreet as macro-based attacks, is a well-educated staff. Make sure every employee with access to your networks understands the risks of irresponsible actions online and how to practice safe browsing. While leaving cybersecurity to your IT or security team might be straightforward and intuitive, including employees from all departments is a must. Some managerial strategies to promote safe internet use include:

  • Software Training – Train your staff on how to safely and adequately use company-trusted software and tools. Always educate new recruits and hold company-wide training workshops when a new update rolls around.
  • Encourage Honesty – Sooner or later, an employee will click on a link or download an attachment with malicious content. That’s why it’s vital to promote a culture of honesty in which the employee reports directly to the IT department to minimize the damage.
  • Social Engineering Awareness – Social engineering attacks and phishing emails are the primary ways malware gets into a network. Train your staff on how to detect the signs of a fake website or email.
  • Limit Exposure – Make sure your staff only uses and shares what’s necessary online. In terms of macro-based attacks, limiting exposure means disabling all macros when not in use, rendering macro-based malware ineffective even if it reaches the device or network.

Leveling Up Your Defenses

Most enterprises, however, should take their security a step further, as macro-based attacks aren’t the only cybersecurity concern. On top of the security measures mentioned in the previous two sections, business owners can invest in specialized and advanced cybersecurity software that fits their network and threat model.

While traditional antivirus can come in handy for individual users and small companies, next generation antivirus protection software (NGAV) combined with endpoint detection and response software (EDR) is recommended for enterprise organizations.

Unlike traditional antivirus—which scans incoming files against a list of previously-identified threats—NGAV with EDR uses artificial intelligence, behavioral and predictive analysis, and machine learning. These features enable the security stack to predict attacks before they happen, intercept new types of malware and zero-day attacks, and actively hunt for new threats.

Proactive Defense

Macro-based attacks are just one of many attack types that might see a comeback in the coming years. That’s why you shouldn’t wait until new cases affect companies or individuals. Make sure that your defense systems are up to date and regularly train your staff members—proportionately to their access privileges—on safe internet behavior and cybersecurity.