Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
We are witnessing a surge in weaponized Microsoft documents containing a macro.
This campaign has very low detection by signature based solutions. It uses advanced social engineering techniques designed to make the user open the document and enable the macro. As you can see in the screen shots these are similar but more graphically adapt to the notorious locky campaign of 2016.
Screen shot of documents cleaned by Threat Extraction.
The last couple of days show a ten fold increase in the malicious files.
The surge as seen in numbers in the last week.
SandBlast Threat Extraction cleans the macro from the document at zero time.
SandBlast prevents the download of the original file by three zero day engines: Macro Analyzer, CPU level detection on crash and the emulator by its malicious process activity.
I'll update when there is more data.
Thanks,
Gadi
