We are witnessing a surge in weaponized Microsoft documents containing a macro.
This campaign has very low detection by signature based solutions. It uses advanced social engineering techniques designed to make the user open the document and enable the macro. As you can see in the screen shots these are similar but more graphically adapt to the notorious locky campaign of 2016.
Screen shot of documents cleaned by Threat Extraction.
The last couple of days show a ten fold increase in the malicious files.
The surge as seen in numbers in the last week.
SandBlast Threat Extraction cleans the macro from the document at zero time.
SandBlast prevents the download of the original file by three zero day engines: Macro Analyzer, CPU level detection on crash and the emulator by its malicious process activity.
I'll update when there is more data.
Thanks,
Gadi
| User | Count |
|---|---|
| 27 | |
| 22 | |
| 19 | |
| 12 | |
| 11 | |
| 9 | |
| 9 | |
| 8 | |
| 6 | |
| 6 |
Mon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 26 Nov 2024 @ 10:00 AM (CET)
EMEA Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 26 Nov 2024 @ 03:00 PM (CET)
Navigating NIS2: Practical Steps for Aligning Security and ComplianceTue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cyber Security: What’s New in Check Point’s Quantum R82Tue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopTue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsMon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 26 Nov 2024 @ 10:00 AM (CET)
EMEA Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 26 Nov 2024 @ 03:00 PM (CET)
Navigating NIS2: Practical Steps for Aligning Security and ComplianceTue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cyber Security: What’s New in Check Point’s Quantum R82Tue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management Workshop
