Macros in Office files, such as Word and Excel, have always been useful, including to cybercriminals. They prefer to use them to spread malware. But that’s over now.
As a reminder, macros are a feature of Microsoft Office. Its main purpose: to facilitate time-consuming and repetitive tasks by documenting and saving frequently used work steps.
The problem so far has been that cybercriminals have been able to take advantage of this feature. They sent their malware well disguised – as an application or an invoice, for example – in the form of a Word document. As soon as the unsuspecting recipient of the email wanted to open the attachment, he received a notification that he agreed to the macros in the document or spreadsheet . If he did, the baby had already fallen down the well. The malware was downloaded, installed and spread to the computer or, at worst, to other systems on the network. The most famous example in recent years is the Emotet Trojan, which was spread this way.
Microsoft has taken on the macro problem
Microsoft’s manufacturer has now responded and thus shut down one of the most popular gateways for viruses, Trojans and the like. Running macros by default in Office files from the Internet is now a thing of the past. Tools: As soon as a user downloads a Word, Excel, Powerpoint, Visio or Access file from the Internet and wants to open it, the program automatically blocks macros. The macros manual activation notification window also no longer appears.
Instead, the user is automatically notified when the macro locks and can find out more information on the new Microsoft support page . On this page, the vendor explains the macro problem in general and gives useful tips on what the user can or should do now. In this way, Microsoft contributes further to raising awareness of the dangers posed by cybercriminals on the Internet.
Automatic macro blocking – now what?
As mentioned at the beginning, macros are usually a good thing. So there may well be nothing wrong with them. So the user should ask himself if he was expecting a file that uses the same thing. It’s also important to look carefully at the sender of the message or attachment.
Is it a known person? And even if she did, did the message really come from her or did the hackers copy or steal the e-mail address ? The latter method, also known as CEO fraud or business email compromise, is becoming increasingly popular because the likelihood of success for hackers is usually very high. If you want to be safe, contact the intended sender and contact them personally.
Detecting infected Office files
Regardless of the security mechanisms implemented by the software itself, common sense helps in detecting phishing attempts and similar attacks. The most important information here: you will never need macros to read an Excel spreadsheet or Word document. Thus, there is no good reason to allow macros for files downloaded from the Internet or received via e-mail.
Whenever downloading or opening files involves a persistent request, caution is required. This is especially true if the sender is completely unknown or appears to be known, but the behavior and type of communication seems slightly different than usual. If in doubt, do nothing or remove it.
Macro lock implementation in April 2022.
According to the manufacturer Microsoft, the new feature will be available for the Office 2203 version from April . Then the group would also like to equip previous versions up to Office 2013 with a corresponding locking feature. This means that anyone who actually uses versions older than Office 2013 will not be able to use the required lockout. Regardless, however, appropriate upgrades should also be considered in this case . As always, only current software is safe software.