Office programs, which have different functional features for both employees and students, are used in many areas. Word, Excel and PowerPoint Although the most preferred programs Microsoft Teams, OneDrive, Outlook and OneNote following. Although these programs, which have different features, provide convenience in our work (if not paid attention), they can turn into a great danger with the attacks of cyber hackers.
According to a new study, a vulnerability that can trigger remote code execution in Microsoft Office programs was discovered, and it was stated that the vulnerability was exploited to attack more than 550 thousand users in total. In addition, it was announced that the number of users attacked on Microsoft Office programs in Turkey has increased by 17 percent recently.
YOUR DEVICE CAN TURN INTO A ‘ZOMBIE DEVICE’, YOUR SOUL CAN’T HEAR
I sought his opinions on the subject. Cyber Security Specialist Osman Demircan“A vulnerability that could trigger remote code execution was last detected. The attacker is able to install malicious software with a remotely executed code. In this way, the control of the computer falls into the hands of the attacker,” he said.
“With this kind of access, it’s very simple to turn the computer into a zombie device. While the device turned into a zombie computer is actually used by the user in a very healthy way, it can be a part of hacker attacks involving many devices.”
CRITICAL INFORMATION CAN ALSO BE STORED
Gurcan Sen, Technical Manager of ESET Turkey Istanbul “Attack objectives may differ. While some attackers use such vulnerabilities for espionage activity, others use ransomware to encrypt data and get money in return. For example; The attack, called ‘Muddy Water’, first detected in 2017, was for espionage purposes and targeted critical government institutions. The vulnerability exploited in this attack also belonged to the Office application. used the phrases.
At this point, ‘How do we know that we have been attacked?’, ‘What dangers can we face over Office?’ There are so many questions waiting to be answered.
‘HARM CODES ARE COMING TO YOU AS IF THEY COME FROM SOMEONE YOU KNOW’
1-) What is the most common method used by cyber hackers to obtain user information from Office?
Osman Demircan: The most commonly used method is to open the necessary path for remote malware installation on computers by exploiting the discovered vulnerability. It is aimed to ensure that the office document containing the triggering malicious code can be run by the user.
These documents appear as if they come from an acquaintance. For example, your company manager or a close friend… If you open the incoming file just because you know its name without question, you will be drawn into the trap.
CAN WE KNOW WE HAVE BEEN ATTACKED?
2-) Is it possible for institutions and users to understand that an attack is being made through Office or that their information is being compromised? Are there any specific tips for recognizing this?
Osman Demircan: If an undiscovered vulnerability is known only to the attackers, unfortunately, the accessed user will not be able to understand it. Intuitive antivirus programs close intrusive links when the trigger office file with malware runs, but this doesn’t always protect users. However, if the attacker performs an action that directly targets the user, such as encrypting files, the damage can be detected as soon as it occurs. I can only say these for individual users.
Gurcan Sen: These attacks can often spread via e-mail with Office documents. At this point especially institutionsThey should first use spam filters and try to block emails before they reach users. At the same time, a security product should be used on servers and computers. Apart from that, findings about common attacks are published by security manufacturers. Based on these findings, it is necessary to determine the measures to be taken in the system. In addition, in line with these findings, it is possible to detect computers that have been exposed to attacks in the system by using the relevant security products.
THEY ARE MOSTLY SUCCESSFUL
3-) What kind of dangers can users and institutions face through Office? How can these harm individuals and institutions?
Gurcan Sen: We can handle attacks with Office applications in two different ways. The first is attacks that exploit Office applications vulnerabilities. Here, malicious Word and Excel documents can be used to exploit the security vulnerability. The second is malicious Word and Excel documents delivered via email, designed to cause harm without the need for any Office application vulnerabilities.
Osman Demircan: It is the encryption of files and ransom demand, which is the most common in institutions. In addition to these, the use of networks in different cyber attacks by creating vulnerabilities in the infiltrated system is also among the risks. In addition, the attacker, who managed to infiltrate the internal network, can continue fraudulent activities through the mail system of the companies that keep the mail server inside.
By sending an e-mail to the attacker who managed to infiltrate, as if it were an e-mail from the general manager. “Send 250 thousand liras to this IBAN number as quickly as possible” or “We will make the final payments to the xxxx IBAN number” He tries to scam by sending e-mails in the form of e-mails and mostly succeeds.
‘CLOUD’ TECHNOLOGY IS NOT 100 PERCENT SAFE
4-) There is also such a thing as ‘working from the cloud’ in Office. Is this method more secure?
Gurcan Sen: The use of Office applications from the cloud ensures that system administrators do not have to apply released security updates to computers one by one. But that doesn’t mean 100 percent security. In the cloud environment, a number of vulnerabilities discovered by attackers, but not yet known by anyone, may emerge and be exploited.
Osman Demircan: Therefore, if the operating system is a duplicate software, antivirus and firewalls are not working, or if it is used on an insecure Wi-Fi network, the Cloud will not be very secure either.
The cloud system means the computer that ensures that all kinds of documents and files we need can be accessed from anywhere. In this way, companies have a more flexible structure. Cloud computing services, which make it possible not only for companies but also for personal data and documents to be accessible from anywhere, also eliminate material requirements such as hard disks and external carriers.
COPY SOFTWARE USERS ARE IN GREAT DANGER!
5-) Apart from the original Office programs, there are also copy software, which is preferred a lot. How dangerous is this situation?
Osman Demircan: There are many different vulnerabilities in all of the Office software available on the Internet, which is claimed to work free of charge and without a password, and is open for anyone to download. As soon as the so-called free Office application is installed on the computer and the installed computer connects to the Internet, it is only a matter of time before the attackers get inside.
If other applications are also installed illegally and the operating system is illegal, all data on the computer is completely in the hands of malicious people. They can roam around your computer in a way that they can do whatever they want to do. Everything that should be private and confidential, especially banking transactions and social media accounts, is now under their control. Not to mention listening to the environment with access to the microphone or taking images with access to the camera…
6-) What are the measures to be taken, both individually and institutionally, against all these attacks?
Osman Demircan: In the institutional sense, the measures that can be taken according to the size and needs of the company may vary. To begin with, all software must be licensed, a corporate and remotely managed antivirus program, systems to detect network movements and anomalies, and a firewall must be in place. In addition, user awareness training is very important. Although technical measures have been taken, the undiscovered vulnerabilities are seriously dangerous and it is very important that the cyber security awareness training of the employees of the institution is constantly updated.
For individual users All software and especially the Office application must be legal. They must have an anti-virus program and firewall software obtained legally on their computers. It is important that the settings of these software are made in such a way that they are checked for minimum hourly updates. When an infection starts on the computer caused by the vulnerabilities discovered in this way, these software will be able to stop and prevent it before a disaster occurs. The modems we use in our homes allow all devices to connect to the internet. In short, we can say that the head of the water. If it is a device that does not receive updates anymore, it is important to replace it with a new device that does such a critical job.