Don’t download unknown office documents

43% of all malicious payloads come from them.

We’ve all seen the emails in our spam inbox. A document offering you the chance to become a millionaire, or telling you about an urgent legal document you need to look at. Most of us ignore them as the malware-infested traps they are. But a good number of us still open them.

More than four in 10 malware downloads are delivered through the medium of an office document, according to Netskope Threat Lab’s Cloud and Threat Report: July 2021 Edition.

The data shows a significant jump since Q1 of 2020, when just 20% of malware was delivered through files like PDFs, Microsoft Office files and Google Docs.

Unsurprisingly, the covid-19 pandemic provided a real boon for those cyber criminals looking to capitalise on the changed way of working. Between the second and third quarters of 2020, as more and more of us left the office and relied on remote working and the productivity tools that allowed us to share documents with colleagues, the proportion of malware being delivered through supposedly innocuous files skyrocketed.

Taking advantage of the new way of work

“A year ago, in the second quarter of 2020, only 14% of all downloaded malware were malicious office docs,” says Atlas VPN’s William Sword. “After that, in the third quarter of last year, the percentage jumped to 38%. Such an increase was mainly influenced by remote work as cybercriminals found malware-infected documents to be effective.”

One of the key inspirations for organised crime groups looking to take advantage of the new way of work was the highly successful EMOTET worm that wreaked havoc before it was eventually disrupted in early 2021 by a consortium of law enforcement organisations from across the globe. Until then, it had managed to inject its payload into millions of machines, all while being delivered through Word documents.

“What made EMOTET dangerous is that it opened doors for other malware installations such as information stealers, trojans, and ransomware,” says Sword. “It seems EMOTET’s success spread quickly in cybercriminal groups, inspiring more hackers to try out a similar technique.”

Popularity breeds success

“Cybercriminals have benefited from the popularity of Microsoft Office and Google Docs by inserting malicious code into the files,” says Sword. “Organisations must implement and maintain a cybersecurity strategy addressing both the technological and human components to protect users from falling victim to malware threats.”

Macros within these documents, or even links to sites that will download a payload, can spell the end of your computer and be a disaster for any organisation trying to stay clear of malware. Those documents aren't the only risk you need to be conscious of, though.

Cloud-delivered malware is at an all-time high of 68%.

You need to worry not only about the documents you access online, but also about the apps you grant access to your Google Workspace. That, too, is an attack vector, especially given 97% of Google Workspace users have authorised at least one third-party app to have access to their files.

So how do you prevent yourself from falling victim to these kinds of issues around malware? As with all things, it’s about exercising caution. Be very conscious of where a document is coming from, and whether you’re expecting it.

If you’re at all uncertain, think twice before opening it, and try to independently verify with the purported sender whether or not they intended to give you the document and whether its contents are legitimate. You could call up the sender on the phone to ask whether they’ve sent you the document you’ve received – very often, they don’t know they’ve been infected and their account has been co-opted.