Does Follina mean it's time to ditch Microsoft Office?


As a freelance writer, I spend most of my day working in Microsoft Word, then send the drafts to clients and businesses around the world. So, the news about a newly discovered vulnerability in Microsoft Office made me worry about the possibility of accidentally spreading malware to my clients. I take extra precautions to ensure that I do not put my clients at risk. However, using Microsoft Office was something I did several times a day without a second thought.

I have brought up the problem with a few of my clients. I wasn’t the only one deciding whether their company should give up Microsoft Office for security reasons. The second question that was asked was whether other alternatives were actually safer. Like many things in business, the decision to use Microsoft Office comes down to weighing risk versus benefits.

Zero-Day Follina has spread through Microsoft Word

At the end of May, UK-based cybersecurity expert and threat researcher Kevin Beaumont discovered Follina. Beaumont wrote that he chose the name because he found the number 0438 in the malicious code. This number is the area code for the Italian town of Follina.

With Follina, attackers can take advantage of a vulnerability in the Microsoft Support Diagnostic Tool to remotely control devices and systems. However, as WIRED explains, the vulnerability is spread through modified Word documents. The attackers use social engineering to get the user to download the infected file and then spread the malicious code.

By loading a remote template, attackers retrieve an HTML file with malicious code. According to Microsoft, the attacker can then perform any action permitted by the user’s rights. They can install programs, view data, change data, delete data, or create new accounts. Beaumont was particularly concerned that Microsoft Defender for Endpoint had not detected the malicious code.
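The remote-template mechanism described above can be checked for in a file before it is opened: a .docx is a ZIP archive, and anything Word fetches from outside the file is declared in a `.rels` part as a relationship with `TargetMode="External"`. The Python below is an added example, not code from Microsoft or Beaumont; the function names, the set of relationship types it flags and the sample document are assumptions constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files in production, prefer defusedxml

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
BASE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
# Assumption of this example: relationship types that make Word fetch content on open.
FETCH_KINDS = {"attachedTemplate", "oleObject"}

def external_targets(docx_bytes):
    """Return (part, relationship kind, target) for every external relationship."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode", "").lower() == "external":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    findings.append((name, kind, rel.get("Target", "")))
    return findings

def suspicious(findings):
    """Keep remote-fetch relationships; ordinary hyperlinks are external but benign."""
    return [f for f in findings
            if f[1] in FETCH_KINDS and f[2].lower().startswith(("http://", "https://"))]

def build_sample():
    """Constructed sample: minimal archive with one hyperlink and one remote template."""
    def rels(kind, target):
        return ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/'
                'relationships"><Relationship Id="rId1" Type="' + BASE + kind +
                '" Target="' + target + '" TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels",
                   rels("hyperlink", "https://example.com/"))
        z.writestr("word/_rels/settings.xml.rels",
                   rels("attachedTemplate", "https://templates.example.invalid/t.dotm"))
    return buf.getvalue()

if __name__ == "__main__":
    for part, kind, target in suspicious(external_targets(build_sample())):
        print(f"{part}: {kind} -> {target}")
```

A hit is a reason to quarantine the file and look closer, not proof of malice, since some organizations legitimately attach templates from internal servers.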

The attackers were already exploiting this code “in the wild”. Follina is a zero-day exploit, which means defenders have zero days to find a solution. Beaumont also found evidence that the vulnerability existed in the fall of 2021 and was used by attackers in April 2022. A patch released on June 14 fixed the vulnerability.

Other Microsoft Risks

Follina is the latest example of security vulnerabilities found in Microsoft products.

In 2018, criminals used three different Microsoft 365 vulnerabilities, involving the download of infected Word files, to spread Zyklon malware. Even at a bargain price of $75, the malware can be used for a wide variety of attacks. It can steal credentials, spread malware, mine cryptocurrency, and launch distributed denial of service attacks.

Attackers also embed macros in Word documents as a means of spreading malware. In the past, they simply had to use a phishing scheme. Since macros were enabled by default, malicious code would run when the document was opened and then harm the user’s system. Microsoft made it a little trickier by turning off macros by default. Attackers now use intimidation tactics to get users to run macros, which then run the malware.

Recently, Microsoft found malicious code spreading through Word documents disguised as legal documents. In this case, the vulnerability was one in which the document could use a malicious ActiveX control. The number of attacks (fewer than 10 in this case) was low. However, it does illustrate what a single vulnerability in Microsoft Word makes possible.

Why target Microsoft 365 products?

Attackers often look for the easiest way to cause the most damage. Microsoft Office documents are the most popular business solution. Therefore, threat actors view Microsoft Office as an easy way to spread malware and code.

With more companies switching to Office 365 in recent years, the products are becoming more and more attractive to attackers. According to Vectra’s Office 365 Security Takeaways eBook, 97% of business decision makers report that their organizations have expanded the use of Microsoft 365 as a result of the pandemic. With more people using Microsoft Office products than ever before, Microsoft products will likely continue to be a popular vehicle for malware and other digital threats.

Office 365 documents, especially .doc and .xlsx files, are used for many different purposes, whether for business or personal. You might get an Excel file detailing a nonprofit group’s budget or an invoice, or your spouse might even send you a draft monthly budget. Word files also serve a range of uses: flyers for a local play, a letter from a family member, or a timeline for an upcoming event.

With all these different types of documents, it’s relatively easy for attackers to create a social engineering scheme that draws in a lot of people who use Office 365 products. For example, a phishing email with an invoice or budget as the subject line is generic enough that some people will at least open it, since they might expect someone to send them an invoice or budget.

Should you stop using Office 365?

With criminals specifically turning to Microsoft products for their next big attack, many companies are wondering if they should find another solution. Yes, there are alternative tools, such as Google Workspace and Apple iWork, that are not currently popular with attackers. But is this really the right answer, especially since these tools are more likely to be targeted if organizations make a mass migration?

For many companies that use all Microsoft products, switching won’t be easy. Their operations and file systems are centered on Office 365, including other products like Teams and OneDrive. It’s quite possible that the effort of switching wouldn’t be worth the low risk, especially since Google and Apple products don’t have the same level of productivity and integrated tools as Microsoft.

Improving organizational cybersecurity

Rather than switching products, which will likely have few positive effects, organizations should focus on reducing risks and vulnerabilities across the board, regardless of the vehicles criminals use to spread malicious files. By focusing instead on employee training and creating a cybersecurity culture, organizations can reduce the odds of an employee falling for a phishing scheme.

Organizations also tend to adopt zero trust, a security framework that reduces risk, especially with a remote or hybrid workforce. Many techniques that are part of zero trust reduce the likelihood or impact of an attack. By using multi-factor authentication, organizations can reduce attacks that rely on stolen credentials. In addition, microsegmentation reduces damage even if an employee downloads a malicious file.

It’s easy to focus on the latest attack vehicle. However, threat actors are trying to stay one step ahead and are constantly changing their schemes and vehicles. By focusing instead on reducing your overall risk and vulnerability, regardless of the specifics of the attack, your organization can make more progress by improving cybersecurity than by switching tools.
