Cyber criminals are changing the way they attack organisations. A recent report published by Recorded Future highlights that Microsoft products are gaining favour over Adobe Flash Player as a target. In 2017, criminal exploit kits and phishing campaigns favoured the delivery of malware via Microsoft products. Last year's statistics show 7 of the top 10 vulnerabilities were delivered via Microsoft products. This bucks the trend of previous years, in which Adobe Flash was the preferred delivery mechanism.
These newer exploit kits tend to rely on the download and execution of Visual Basic scripts containing PowerShell commands within malicious Office documents. Internet Explorer was also targeted to deliver malware. Although Flash Player is due to be phased out by 2020, it remains a popular way to infect machines. Older browsers often autorun Flash content. If this content is infected, machines are then compromised.
In 2018, attackers are showing no sign of relenting in their use of Microsoft Office documents. An article on myonlinesecurity.co.uk (https://goo.gl/a6pAU2) describes how variants of CVE-2017-0199 and other Common Vulnerabilities and Exposures are being deployed on a daily basis using malicious Word documents. Newer versions of Microsoft Office documents are natively compressed, and they should be delivered to your company's email server using encrypted protocols. Catching such files before they can infect your users is therefore critical, and it is becoming difficult without the correct technologies deployed.
If your organisation does not have a Next Generation Firewall (NGFW), be on the lookout for email you're not expecting from banks or government agencies, and for emails with subjects such as Refund or Invoice. Ensure your endpoint protection solution is up to date with the latest signatures.
If you do have an NGFW, ensure it can inspect encrypted traffic such as SMTPS, POP3S and IMAPS, and that it can decompress Microsoft Office documents before any inspection takes place.
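Why decompression has to come first, as an added example that is not from the original article or any vendor's product: the Python sketch below unpacks an Office Open XML attachment in memory and reports external relationship targets and embedded VBA project parts. The helper names, the size limit and the sample document (including its `example.invalid` URL) are constructed for illustration.

```python
import io
import re
import zipfile

# Relationship entries that point outside the package.
EXTERNAL_REL = re.compile(rb'<Relationship\b[^>]*TargetMode="External"[^>]*>')
TARGET = re.compile(rb'Target="([^"]*)"')
MAX_PART = 1_000_000  # assumed limit: skip parts declaring a larger size (zip-bomb guard)

def inspect_ooxml(data: bytes) -> dict:
    """Decompress an OOXML package in memory and list parts worth a closer look."""
    findings = {"external_targets": [], "vba_parts": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings  # not a ZIP container (e.g. legacy .doc or RTF)
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for info in pkg.infolist():
            name = info.filename
            if name.lower().endswith("vbaproject.bin"):
                findings["vba_parts"].append(name)  # macro storage part
            elif name.endswith(".rels") and info.file_size <= MAX_PART:
                for rel in EXTERNAL_REL.findall(pkg.read(name)):
                    m = TARGET.search(rel)
                    if m:
                        findings["external_targets"].append(
                            m.group(1).decode("utf-8", "replace"))
    return findings

def build_sample() -> bytes:
    """Constructed sample: minimal package with one external link and a VBA part."""
    rels = (
        b'<?xml version="1.0"?><Relationships xmlns='
        b'"http://schemas.openxmlformats.org/package/2006/relationships">'
        b'<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
        b'officeDocument/2006/relationships/oleObject" '
        b'Target="http://example.invalid/linked-object" TargetMode="External"/>'
        b'</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/_rels/document.xml.rels", rels)
        z.writestr("word/vbaProject.bin", b"\x00" * 64)  # placeholder bytes
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample()
    # A signature match on the raw attachment bytes misses the URL entirely.
    print("URL visible in raw bytes:", b"example.invalid" in sample)
    print(inspect_ooxml(sample))
```

A finding here is a reason to quarantine or sandbox the attachment, not proof of malice: legitimate documents also contain hyperlinks and macros.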