Hackers will use any and every avenue of attack to gain access to your vital information and sensitive data. Increasingly, macros are being exploited to compromise networks and facilitate ransomware attacks. Understanding the risk, Microsoft has announced that it will be blocking macros by default for Office applications. This includes Access, Excel, PowerPoint, Visio, and Word.
While the potential for protection in blocking macros is substantial, it’s important to realize which units of your organization will be impacted by this change and what methods exist for using macros safely.
Microsoft realizes the potential risk of macros
As a cyber company focused on file-based attacks, we understand the risks and rewards of blocking macros. Microsoft, one of the leading cybersecurity players in the global marketplace, manages a dynamic range of products along with the evolving cyber risks they often face, and so sees the risk of macros on an even greater scale.
Understanding the rising role of macros in promoting cyber-attacks, and how they have increasingly been used to carry out ransomware attacks specifically, Microsoft should be recognized for taking the proactive measure of blocking this highly susceptible file type across its products.
However, with any attempt to minimize risk, something will be lost in the process. In the case of blocking macros, organizations must consider continuity policies for departments that use these files regularly and how Microsoft’s plan to block macros will alter their day-to-day functionality.
What are macros and how do hackers use them as an attack vector?
According to the UK National Cyber Security Centre, “A macro is a small program that is often written to automate repetitive tasks in Microsoft Office applications. Macros have been historically used for a variety of reasons – from an individual automating part of their job to organizations building entire processes and data flows. Macros are written in Visual Basic for Applications (VBA) and are saved as part of the Office file.”
So why have macros just now become an essential attack vector?
Well, while you may only now be hearing about macros in the news cycle, since the 1990s they have been a common method for attacks on Microsoft Office products. Macros are ideal for spear phishing and ransomware attacks, as well as a key approach for launching social engineering attacks. In short, though macro attacks may have run under the radar of mainstream news sources, their impact has been felt by the IT community for decades.
How to provide the perfect blend of protection and data access
While Microsoft’s intentions in blocking macros may have come from the right place, the impact on users of macro files isn’t so simple. For IT or the CISO, having the ability to block macros can be critical, but only if those who need these files can still be granted access.
FileWall by odix was designed to give company admins the granular controls to protect against macros while still providing access to those whose jobs require this often-vital file type.
FileWall’s Granular Type Filter – Empowering Microsoft 365 Security
The FileWall file type filter allows the Microsoft 365 system admin to define which file types are permitted to enter the organization and which should be blocked. This minimizes the attack surface the organization is exposing via email by eliminating the threat vectors available in certain file types.
The type filter has three main controls:
- On/Off – enabling or disabling the filter functionality on all file types.
- Work mode (Whitelist/Blacklist) – the ability to create pre-set lists of permitted/non-permitted file types for specific users within the organization.
- Default settings – FileWall’s suggested default policy, which includes 204 file types categorized as dangerous, among them executable files (exe), Windows batch files (bat), Windows links (lnk) and others.
Microsoft’s type filter only allows the admin to block (blacklist) file types from a list of 86 types. FileWall supports thousands of file types and extensions.
With FileWall and Microsoft 365’s native protection against macros, you can enjoy all the benefits of file security, while still having access to an essential file type required by accounting and numerous other business units.