Microsoft Word document and zero-day attacks on the rise

Macro-less Microsoft Word document attacks and zero-day malware are on the rise, according to data from WatchGuard

dynamic data exchange (DDE) attacks top the malware list as hackers increasingly exploited issues in the Microsoft Office standard to execute code, a report reveals.

Also called “macro-less malware”, these malicious documents often use PowerShell and obfuscated script to get past network defences, according to the latest Internet security report from WatchGuard Technologies.

The user of PowerShell is a key element of fileless malware and other attacks that exploit legitimate enterprise IT management tools to avoid detection by security controls.

Additionally, two of the top 10 network attacks involved Microsoft Office exploits, further emphasising the growing trend of malicious document attacks, said the report, which is based on  anonymised global threat intelligence data from 40,000 WatchGuard’s Firebox appliances during the fourth quarter of 2017.

Overall, malware attacks grew significantly, with WatchGuard blocking more than 30 million malware variants in the last three months of 2017, a 33% increase over the previous quarter.

Out of the total threats prevented, the subset of unknown or zero-day malware instances rose steeply by 167% compared with the previous quarter. These increases can likely be attributed to heightened criminal activity during the holiday season, the report said.

“After a full year of collecting and analysing Firebox Feed data, we can clearly see that cyber criminals are continuing to use sophisticated, evasive attacks and resourceful malware delivery schemes to steal valuable data,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies.

“Although these criminal tactics may vary over time, we can be certain that this broad trend will persist, so the risks have never been greater for small and mid-size organisations with less IT and security resources,” he said.

Nachreiner said businesses of all sizes are encouraged to mitigate these threats proactively with layered security services, advanced malware protection and employee education and training in security best practices.

Read more about malware

The report reveals that nearly half of all malware detected eluded basic antivirus (AV) systems, requiring a combination of legacy signature-based detection techniques and proactive behavioural detection to catch malware variants missed by signature-based detection.

This zero-day malware accounted for 46% of all malware in the fourth quarter. This level of growth, the report said, suggests criminals are using more sophisticated evasion techniques capable of slipping attacks past traditional AV services, which further underscores the importance of behaviour-based defences.

Script-based attacks caught by signatures for JavaScript and Visual Basic Script threats, such as downloaders and droppers, accounted for 48% of top malware detected in the fourth quarter.

Businesses should note the continued popularity of these attacks and watch out for malicious script in web pages and email attachments of any kind, the report said.

Read more on Privacy and data protection