Your IT Consultant

Microsoft Office Under Attack Again

January 26, 2023

It’s a vicious cat and mouse game. Microsoft blocks some activity and the cybercriminals move to another attack method. Dark Reading reported that Microsoft is planning to add a feature to cut back on cybercriminal attacks using ‘add-ins’ (XLL files) to deliver malware. XLL files are a way to allow third party tools the ability to extend the function of Microsoft Excel. Unfortunately, there has been a rise of XLLs being used to drop malware frameworks such as Dridex.

The common way to restrict such action is to pop up a dialog box with a warning instead of actually stopping the file delivery. Mike Parkin, senior technical engineer at Vulcan Cyber said, “Unfortunately, it’s unclear at this point whether it’s just going to be a warning that users can easily click through, a more proactive ‘off by default’ setting, or whether they are going to disable it entirely for XLL files downloaded from the Internet.”

As if the delivery of malware using XLL files isn’t enough, attackers are also shifting to using malicious LNK (short cut) files. It really doesn’t matter what attack method is used. You should always be careful with ANY file being delivered via the internet. Slow down and pay attention to warnings and stop clicking ‘Accept’ just because you’re in a hurry.

Email:   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com