Yoroi-Cybaze: The top infection vector used by cybercrime and state-sponsored hackers in today's malware landscape is weaponized Microsoft Office documents delivered via email
The top infection vector used by cybercrime and state-sponsored hackers in today's malware landscape is weaponized Microsoft Office documents delivered via email. The second is the abuse of the Microsoft DDE protocol with CVE-2017-11882. This has been revealed by Yoroi-Cybaze cyber security experts, who analyzed samples from recent cyber attacks that used this technique. The reason for this cybercrime “love” for weaponized email is simple: macro malware very often does not rely on expensive-to-deploy 0-day exploits, and it can bypass endpoint security solutions (macros are often whitelisted in enterprise environments) thanks to extensive use of multi-layered obfuscation, mainly in PowerShell; broadly speaking, it has a very low barrier to entry. Furthermore, APT Office documents with macros rely on simple social engineering tricks to lure users into enabling them.
The cyber security experts: Several APTs today use spear-phishing mail with a weaponized Office document as an attachment.
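As an added illustration (not from the Yoroi-Cybaze analysis or the original article), the following Python checks an OOXML mail attachment for the two indicators the article names, an embedded VBA macro project and DDE/DDEAUTO field instructions, against a constructed sample document; `build_sample` and its placeholder DDE target are assumptions made for this demonstration only.

```python
import io
import re
import zipfile

# In OOXML, field instructions live either in <w:instrText> runs (complex
# fields, which are often split across several runs and so defeat naive
# single-string matching) or in the w:instr attribute of <w:fldSimple>.
INSTR_TEXT_RE = re.compile(r"<w:instrText[^>]*>(.*?)</w:instrText>", re.S)
FLD_SIMPLE_RE = re.compile(r'<w:fldSimple[^>]*w:instr="([^"]*)"', re.S)
DDE_RE = re.compile(r"\bDDE(?:AUTO)?\b", re.I)
# A vbaProject.bin part means the document carries a VBA macro project.
MACRO_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}

def inspect_ooxml(data: bytes) -> dict:
    """Report macro and DDE-field indicators for an OOXML file given as bytes."""
    findings = {"macros": False, "dde_parts": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        findings["macros"] = bool(names & MACRO_PARTS)
        for name in sorted(names):
            if not name.endswith(".xml"):
                continue
            xml = zf.read(name).decode("utf-8", errors="replace")
            # Join split runs so "DD" + "EAUTO" is still recognised as DDEAUTO.
            instr = "".join(INSTR_TEXT_RE.findall(xml))
            instr += " " + " ".join(FLD_SIMPLE_RE.findall(xml))
            if DDE_RE.search(instr):
                findings["dde_parts"].append(name)
    return findings

def is_suspicious(findings: dict) -> bool:
    """Either indicator alone is enough to hold a mail attachment for review."""
    return findings["macros"] or bool(findings["dde_parts"])

def build_sample(dde: bool, macro: bool) -> bytes:
    """Constructed minimal .docx for testing; the DDE target is a placeholder, not a payload."""
    runs = (['<w:instrText>DD</w:instrText>',
             '<w:instrText>EAUTO "placeholder-app" "placeholder-arg"</w:instrText>']
            if dde else ['<w:instrText>PAGE</w:instrText>'])
    body = ('<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
            '<w:body><w:p>' + "".join(runs) + '</w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", body)
        if macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0")  # OLE magic only
    return buf.getvalue()
```

Real documents split field text across many more runs and may also carry DDE or macros in the older binary .doc format, which this zip-based check does not cover.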