The malware that is spread via this attack vector is usually Locky (ransomware) or Dridex (eBanking Trojan). While Locky malware encrypts files on the victim’s computer and then extorts the victims, Dridex targets the eBanking accounts of Swiss Internet users. Currently, customers of several Swiss banks are targeted by Dridex.

In each case, the attacks are carried out via so-called macros. Microsoft has therefore disabled the execution of unsigned macros by default. Now the attackers are trying to convince the recipients of the e-mails to activate macros. MELANIE advises never to execute macros in Office documents sent via e-mail.

How can you additionally protect yourself from attacks by malicious Office documents? MELANI provides recommendations on this. Customers of the Swiss Business Cloud from Open Circle are already protected in some respects.

What is covered by the Swiss Business Cloud?

• As a Open Circle customer, your virus protection is always up to date. You are thus protected against malware in the best possible way.
• Open Circle regularly creates a backup of your data. You could fall back on this in case of emergency.
• Potentially harmful e-mail attachments are already blocked and filtered on your e-mail gateway or by the spam filter.
• All e-mail attachments that contain macros (e.g. Word, Excel or PowerPoint attachments that contain macros) are blocked.

Without up-to-date virus protection and regular backups, malware attacks can have severe consequences. In the Swiss Business Cloud from Open Circle, your business data is protected in the best possible way. The firewall & network solution can also increase your security level.

What can you do yourself against malicious Office documents?

• Be careful when handling Office documents. Do not open Office documents from unknown or suspicious senders; if in doubt, ask the sender by phone.
• In general, be skeptical of unexpected e-mails (e.g. invoices, orders, etc.) or e-mails from unknown senders. If in doubt, contact the sender by telephone.
• Use a collective signature for the authorization of payments via eBanking (each payment must thus be approved by two different eBanking contracts or logins, which massively reduces the risk of fraudulent payments).
• Use a dedicated computer for eBanking, which you use exclusively for eBanking (no surfing, no reading of e-mails, etc.).

Further information

• MELANI: Dealing with encryption Trojans (for private users and companies)

• MELANI: Leaflet on IT security for SMEs

Source: MELANI