Microsoft is effectively killing off the preferred exploit that cybercriminals have used for years to infect and take over people's computers.
In an update to its Office 2016 suite, Microsoft is giving enterprise administrators the ability to block the running of macros in documents, which can be used to run legitimate tasks, but are also often used to connect to the internet and download malicious software.
Typically, hackers will send a "phishing" email with an Office attachment where they pose as someone inside a company, instructing the target to open the file. The file will often instruct the user to "enable macros" — and thus infect their computer — despite repeated warnings.
"The enduring appeal for macro-based malware appears to rely on a victim’s likelihood to enable macros," the company wrote in a blog post. "Previous versions of Office include a warning when opening documents that contain macros, but malware authors have become more resilient in their social engineering tactics, luring users to enable macros in good faith and ending up infected."
Now, the decision is being taken out of the user's hands. If an administrator decides to block macros, users will get a warning message that macros are disabled for security reasons.
This will no doubt be a welcome change for companies who are often targeted by these types of attacks. About 91% of targeted attacks start with spear-phishing emails, and Microsoft's own stats show that 98% of threats involving Office software use macros.
Though attacks involving macros are simple to pull off, they can have surprising results, such as hackers holding company data hostage for money, or using hacked machines to literally cut off electricity to thousands of homes.
