Tech Matters: Working remote? Watch out for malicious work docs
As many companies have delayed or reversed their plans to bring workers back into the office because of the surge in COVID cases, you shouldn’t be surprised to know that cybercriminals have seized the opportunity to ramp up efforts to attack employees who work remotely. Malicious office documents have proved to be an efficient and effective way to attack unsuspecting remote workers since the pandemic began, and just when we thought the virus was under control, the delta variant brought a new wave of infections and, in turn, an extension of work-from-home arrangements. Cybercriminals rejoiced because it is easier for them to slip into a home network, even one with antivirus software installed, than into a heavily protected corporate network.
Basing its findings on a July 2021 security report from Netskope, Atlas VPN reported that 43% of all malware downloads were malicious office docs in the second quarter of this year compared with just 14% in the same period the year before. In this case, “office docs” are not limited to Microsoft products, but include Google Docs and PDFs as well. The technique involves embedding a malicious macro in an office document and emailing it to thousands of people. The perpetrator then waits for victims: the ones who open the document and allow the macro to run.
“Even though infecting office documents with malware has been established for a long time, it is still very successful at tricking people,” said William Sword, Atlas VPN cybersecurity researcher, in a company blog post.
Just what are macros? A macro is a series of commands bundled together to accomplish a task automatically. You can set them up in Word, Excel, Google Sheets and others. Understand that there is nothing nefarious or harmful about a macro itself; it can be an extremely useful tool that may save you hours of repetitious work.
For instance, in Microsoft Word, you can set up a macro to insert a preformatted table with the click of a button. Each macro must be given a name that begins with a letter and uses either letters or numerals thereafter without spaces, punctuation or other special characters. It can be up to 80 characters long. You might name your macro bluetable, and a criminal could use a name that’s just as benign to shield the macro’s true intent.
Because macros may launch with viewer permission, an unsuspecting user could activate a macro that is actually harmful. If you open a document and see a warning that asks whether you’d like to run macros in the document, it is a good idea to deny permission. You will still be able to see and edit the file.
Your best protection against this type of attack is to be wary of any document sent your way, particularly if it’s from someone you do not know. I often receive requests for proposals, invoices and other seemingly work-related documents accessible by clicking a button in an email to download or following a link. If I didn’t expect it, I wouldn’t open it. Instead, I’ll delete it or forward it to my company’s IT team, which is always glad to take a look. Whether you’re working in an office or at home, this is a good security practice.
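For an IT team that receives a forwarded document like this, one first check is whether the file carries a macro at all, without opening it in an office application. The following is an added example, not part of the original column. It relies on the fact that macro-enabled Word, Excel and PowerPoint files are ZIP packages that store their macro code in a part named vbaProject.bin; the function name, result labels and sample files are assumptions constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls/.ppt files


def macro_status(data: bytes) -> str:
    """Classify raw file bytes without opening them in an office application."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can carry macros; this check cannot rule them out.
        return "legacy-ole-needs-inspection"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-an-office-container"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        ct = next((n for n in names if n.lower() == "[content_types].xml"), None)
        if ct is None:
            return "not-an-office-container"
        # A VBA project is stored as a vbaProject.bin part inside the package.
        if any(n.lower().rsplit("/", 1)[-1] == "vbaproject.bin" for n in names):
            return "contains-macros"
        # Macro-enabled packages also declare a "macroEnabled" content type.
        if "macroenabled" in zf.read(ct).decode("utf-8", "replace").lower():
            return "contains-macros"
    return "no-macros-found"


def _sample(parts: dict) -> bytes:
    """Build a constructed package in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed sample inputs, labelled as such.
BASE = {"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>"}
CLEAN = _sample(BASE)
MACRO = _sample({**BASE, "word/vbaProject.bin": b"constructed placeholder"})
LEGACY = OLE_MAGIC + b"\x00" * 16

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("macro", MACRO), ("legacy", LEGACY)]:
        print(label, "->", macro_status(blob))
```

A "no-macros-found" result only means this one check found nothing; it does not mean the document is safe to open.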
Malicious documents are not the only risk workers face, particularly if they’re working from home. Hopefully, your IT department has set you up with the tools necessary to protect company information if you’re working from home full time or only occasionally.
One of the easiest tools to implement, and one of the most effective for protecting your data, is a VPN, or virtual private network. This applies if you’re working outside the office for a mega-company or if it’s just you. A VPN will provide a secure connection between your computer and company servers, or wherever you’re sending and receiving data. It will prevent man-in-the-middle attacks, so called because data can be intercepted if not protected when traveling from one point to the next. This is most common when using public Wi-Fi, but it’s still possible on a home network.
Always password-protect documents that you send to others, especially if they contain personal or financial data. You can also encrypt your email so that it cannot be read without a private key. For Microsoft 365 subscribers, look for the Encrypt button under Options. Gmail users may select Confidential Mode to add a passcode and an expiration date to an email.
And don’t forget the fundamentals: Use unique passwords and keep your devices and software up to date.
Leslie Meredith has been writing about and reviewing personal technology for the past nine years. She has designed and manages several international websites and now runs the marketing for a global events company. As a mom of four, value, usefulness and online safety take priority. Have a question? Email Leslie at email@example.com.