About 70% of all cyber-attacks are executed by malicious insiders. 30% are performed by external attackers from outside the organization’s network.
But do we take this 70/30 split into account when planning IT security programs and allocating budgets? My personal feeling is that it is exactly the other way.
However, it seems that the IT security industry is reconsidering the direction of further development. The following statement of the new RSA President Amit Yoran saved my day:
“Building taller walls and digging deeper moats is not solving our problems. The perimeter mindset is still clinging to us. We say we know the perimeter is dead; we say we know the adversary is on the inside, but we don’t change our actions.”
For some month reports about macro viruses are constantly appearing in the IT press. Although the latest report, ‘Macro viruses reemerge in Word, Excel files’, published by Michael Heller on the TechTarget platform SearchSecurity at 24 February 2015, could make us feel somewhat insecure, there is in my opinion no reason to panic.
From the statistics created by security firm Kaspersky, we see that attackers used Microsoft Office in 1% of all cases for the distribution of exploits in 2014. In total Kaspersky products detected and neutralized 6.167,233,068 cyber-attacks in 2014. This means that Word or Excel were used in 61,763,330 cyber-attacks, 2.3 times more than in 2013.
Sounds anything but dangerous. Moreover, we are better prepared than 15 years ago, when macro viruses were most popular. Many protection measures are common sense, but sometimes it’s good to recap.
With that, I suggest:
Please make sure that your anti-malware program is always up-to-date.
Configure Macro Settings in Microsoft Office Trust Center. Choose ‘Disable all macros with notification’ as default:
‘Disable all Macros With Notifications’ in Trust Center
Use Windows Update to keep Microsoft Office and Windows up-to-date with the latest patches.
On 64 bit Windows please activate ‘enhanced Protection Mode’ in Internet Explorer. This will force Windows to run Internet Explorer in Container Mode at low integrity level. In addition, please download all files to the default download location.
Enable SmartScreen Technology in Internet Explorer. Malicious files are downloaded from malicious sites. SmartScreen Technology supports you by blocking downloads from known malicious sites.
Try working with standard user rights. This limits the impact of an attack to the operating system
The last and perhaps the most important rule: Think twice before you click on a word or excel file stored in an untrusted site. As a rule of thumb the entire Internet is an untrusted site, and of course all email attachments.
There’s really no need to panic. Macro viruses are no rocket science. The available protection measures are enough to deal with this old stuff.