Ever since Microsoft started using macros to automate Office

Macros have been a simple, effective means of spreading malware since the 1990s, and some hackers still rely on them heavily to ensnare and infect unsuspecting users.

It's a long-standing issue that many companies have attempted to address over the years. Now, it seems that it's Microsoft's turn at bat again.

Recently, the Redmond Giant announced a new integration between its AMSI (Antimalware Scan Interface) and Office 365, aimed squarely at delivering a knockout blow to macro-based malware.

Earlier attempts to put a stop to macro abuse focused on Visual Basic Scripts (VBS) and removing macro-based vulnerabilities from them.

 

Defense of VBS steered hackers to XLM 

That was effective as far as it went, but it had the unforeseen effect of pushing hackers away from VBS and toward XLM (Extensible Markup Language), an older macro language that first shipped with Microsoft Excel back in 1992 and is still supported to this day. Under the new integration, AMSI scans Excel 4.0 XLM macros at runtime, which should (emphasis on should) make it virtually impossible for hackers to exploit them.

As a representative from Microsoft Security Teams explains:

"While more rudimentary than VBA, XLM is powerful enough to provide interoperability with the operating system, and many organizations and users continue to use its functionality for legitimate purposes. Cyber criminals know this, and they have been abusing XLM macros, increasingly more frequently, to call Win32 APIs and run shell commands.

"Naturally, threat actors like those behind Trickbot, Zloader, and Ursnif have looked elsewhere for features to abuse and operate under the radar of security solutions, and they found a suitable alternative in XLM."

 

My perspective

Time will tell how effective this new approach will be. Unfortunately, even if it is wildly successful, it will simply push hackers toward some other easy exploit. Even so, kudos to Microsoft for taking the fight to the hackers.

 

~ Harry Callahan should say - "You've got to ask yourself one question… Do I feel lucky? Well, do ya punk?" ~

 


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support


I am also a published author and speaker on cloud computing, work@home, and cybersecurity. I work extensively with business and professional associations to provide small business technology education programs.

 
