Federal government warns about harmful Office documents in e-mails – what to do?

The Reporting and Analysis Center for Information Assurance (MELANI) published a warning about malicious Office documents in mail attachments last Friday. The number of spam campaigns with malicious Microsoft Office documents has increased rapidly in recent weeks. Spam campaigns aimed at infecting computers with malicious software (malware) are now being observed on an almost daily basis.

The malware that is spread via this attack vector is usually Locky (ransomware) or Dridex (eBanking Trojan). While Locky malware encrypts files on the victim’s computer and then extorts the victims, Dridex targets the eBanking accounts of Swiss Internet users. Currently, customers of several Swiss banks are targeted by Dridex.

In each case, the attacks are carried out via so-called macros. Microsoft has therefore disabled the execution of unsigned macros by default. Now the attackers are trying to convince the recipients of the e-mails to activate macros. MELANIE advises never to execute macros in Office documents sent via e-mail.

How can you additionally protect yourself from attacks by malicious Office documents? MELANI provides recommendations on this. Customers of the Swiss Business Cloud from youngsolutions are already protected in some respects.

What is covered by the Swiss Business Cloud?

• As a youngsolutions customer, your virus protection is always up to date. You are thus protected against malware in the best possible way.
• youngsolutions regularly creates a backup of your data. You could fall back on this in case of emergency.
• Potentially harmful e-mail attachments are already blocked and filtered on your e-mail gateway or by the spam filter.
• All e-mail attachments that contain macros (e.g. Word, Excel or PowerPoint attachments that contain macros) are blocked.

Without up-to-date virus protection and regular backups, malware attacks can have severe consequences. In the Swiss Business Cloud from youngsolutions, your business data is protected in the best possible way. More Info.

What can you do yourself against malicious Office documents?

• Be careful when handling Office documents. Do not open Office documents from unknown or suspicious senders; if in doubt, ask the sender by phone.
• In general, be skeptical of unexpected e-mails (e.g. invoices, orders, etc.) or e-mails from unknown senders. If in doubt, contact the sender by telephone.
• Use a collective signature for the authorization of payments via eBanking (each payment must thus be approved by two different eBanking contracts or logins, which massively reduces the risk of fraudulent payments).
• Use a dedicated computer for eBanking, which you use exclusively for eBanking (no surfing, no reading of e-mails, etc.).

Further information

• MELANI: Dealing with encryption Trojans (for private users and companies)

• MELANI: Leaflet on IT security for SMEs

Source: MELANI