In our 12 Threats of Christmas feature, we want to look at cyber threats and issues that can impact organisations.  

Some may be known to you, whilst others, may seem a little more out of the box. 

On the tenth day of Christmas, our cyber threat is: 

Macros 

The shining light of 2020 can be seen on the horizon. For many, the new year will see new career opportunities arising. For businesses this could include advertising a job in multiple places, in the hope that your offering will catch the eye of a prospective employee. 

But what if your search for the ideal employee is going a bit too smoothly. What if the number of CVs you’re receiving are in fact from the same cyber criminal who is looking to infiltrate your organisation? 

In 2018, there were a spate of cases which saw organisations being attacked by malware after they posted a simple job advert. Although this tactic, has dropped off the radar somewhat, there’s still an important safety message to prevent cyber criminals hijacking your new job plans. 

But how have cyber criminals turned this everyday task into another crime tactic? 

After you have drafted your advert, you post in on several job boards to ensure you get maximum exposure, as naturally you want to attract the best candidates. 

The hiring manager is delighted that they are receiving so many CVs from interested parties and is enjoying the task of sifting through to find those suitable for interview. This advert has had an unusually good response. 

The bad news in this case it that none of these responses are genuine. In reality, a cyber criminal is bombarding the hiring manager with fake CVs, unbeknownst to the manager, this will lure them into a false sense of security. 

The hiring manager, has gotten into the flow of opening and perusing CVs, that eventually they open one with a Word attachment, which contains Macro Malware. 

Microsoft Office macros have been a common way of delivering a malicious payload to an organisation as an email attachment. Macro’s are intended to provide advanced users with the ability to write custom functions that can be used to aid productivity. However, the same functionality can be used to great effect to distribute viruses. 

What can I do to stop by business falling foul of macro malware attacks? 

Here are some steps you can take to prevent your organisation from falling foul to this cyber tactic: 

  • Have your IT administrators disable macros by default. This will prevent them from being used both internally and externally 
  • Choose a good anti-virus software and keep it up-to-date. Anti-virus software should be set to scan documents before opening them 
  • Use a sandboxing tool to screen emails. These tools essentially open the email in a ‘safe’ environment to test the contents. If the email isn’t malicious, it can safely be delivered to the user 
  • Train your employees to look for tell-tale signs and always report anything suspicious to your IT department. Having a ‘no blame’ culture in place will help this reporting process to thrive 
  • Have a robust recovery plan to hand in case of a data breach 

Missed Day 9 which focused on Computer Healthcare? Fear not, you can read it here.