MS Office macro malware attacks are making a comeback

When Microsoft turned off default execution of macros in Office, their popularity as a means of delivering malware declined. But thanks to social engineering techniques that persuade people to turn them back on, macro attacks are making a comeback.

This is one of the findings of the latest mid-year security report from networking specialist Cisco. In two recent campaigns, Dridex Trojans were delivered as attachments to emails -- each sent to specific recipients -- purporting to deliver invoices or other important documents.
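The delivery mechanism described above relies on the attachment actually carrying a VBA project. A simple defensive check on inbound mail is to look inside the attachment rather than trusting its extension. The following is an added example written for this article, not code from Cisco or from the report: it classifies an Office attachment by inspecting the OOXML container for a `vbaProject.bin` part or a `macroEnabled` content type, and flags legacy OLE files (old-style `.doc`/`.xls`) for a separate parser. The function names and the in-memory sample documents are constructed for illustration.

```python
import io
import zipfile

# File signatures: legacy Office compound files vs. OOXML (zip) packages
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"


def classify_office_attachment(data: bytes) -> str:
    """Classify raw attachment bytes (hypothetical helper).

    Returns one of:
      'ooxml-macro'  - OOXML package carrying a VBA project
      'ooxml-clean'  - OOXML package with no VBA project found
      'legacy-ole'   - old binary .doc/.xls format; needs an OLE parser
      'not-office'   - not an Office container at all
    """
    if data.startswith(OLE_MAGIC):
        # Macros in the binary format live inside OLE streams; a dedicated
        # OLE/VBA parser is needed to inspect them, so just flag the format.
        return "legacy-ole"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            lower = {n.lower(): n for n in names}
            ct_name = lower.get("[content_types].xml")
            if ct_name is None:
                return "not-office"  # a zip, but not an Office package
            # Any part named vbaProject.bin means a VBA project is embedded,
            # regardless of whether the extension says .docx or .docm.
            if any(n.endswith("vbaproject.bin") for n in lower):
                return "ooxml-macro"
            # Belt and braces: the content types part declares macro-enabled
            # document types explicitly.
            content_types = zf.read(ct_name).decode("utf-8", "replace")
            if "macroEnabled" in content_types:
                return "ooxml-macro"
            return "ooxml-clean"
    except zipfile.BadZipFile:
        return "not-office"


def flagged_attachments(attachments: dict) -> list:
    """Return names of attachments that warrant quarantine or manual review."""
    suspicious = {"ooxml-macro", "legacy-ole"}
    return sorted(
        name for name, blob in attachments.items()
        if classify_office_attachment(blob) in suspicious
    )


def build_sample_package(with_macro: bool) -> bytes:
    """Build a minimal, constructed OOXML package for testing (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(
            "[Content_Types].xml",
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Override PartName="/word/document.xml" ContentType="application/xml"/>'
            "</Types>",
        )
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project
            zf.writestr("word/vbaProject.bin", b"CONSTRUCTED-PLACEHOLDER")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inbox sample: the extension of the second file is misleading
    inbox = {
        "invoice_march.docx": build_sample_package(with_macro=False),
        "invoice_april.docx": build_sample_package(with_macro=True),
        "statement.doc": OLE_MAGIC + b"\x00" * 64,
        "notes.txt": b"plain text, nothing to see",
    }
    print(flagged_attachments(inbox))
```

The check deliberately ignores the file extension: the second sample is named `.docx` but carries a VBA part, which is exactly the kind of mismatch a mail gateway should surface. Legacy OLE files are flagged rather than parsed because their macro storage is a different container format.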

Other findings in the report include the continued popularity of the Angler exploit kit, thanks to its authors' recent focus on vulnerabilities in Adobe Flash and their speed in taking advantage of them. Cisco reports that, on average, 40 per cent of users who encounter an Angler exploit kit landing page on the web are compromised.

Ransomware continues to be a problem too. Cryptocurrencies like bitcoin and anonymisation networks such as Tor are making it even easier for miscreants to enter the malware market and quickly begin generating revenue. To become even more profitable while continuing to avoid detection, operators of crimeware, like ransomware, are even hiring and funding their own professional development teams to create new variants and tactics.

"Ransomware exists on its reputation," says Craig Williams, Security Outreach Manager at Cisco. "Users pay up to get their data back, so they finance new generations of the malware".

Typically a ransom of between £200 and £300 is demanded: not so high that a user won't pay it or, worse, that it will motivate the user to contact law enforcement. Instead, the ransom is more of a nuisance fee. And users are paying up. Cisco reports that nearly all ransomware-related transactions are carried out through the anonymous web network Tor. This allows adversaries to keep the risk of detection low and profitability high.

The report notes that so far 2015 has seen unprecedented speed in the innovation, resiliency, and evasiveness of attacks. "Attackers have no barriers to rolling out new technology," says Williams. "While users are not as agile in moving to new versions to stop attacks".

The full Cisco 2015 Midyear Security Report is available to download from the Cisco website.

Photo Credit: Balefire / Shutterstock