In the spirit of raising awareness about cybersecurity threats during the festive season, we’re excited to introduce our unique and thought-provoking holiday series, “The Twelve Days of Maliciousness.” This list will creatively highlight a different cyber threat for each of the twelve days, mirroring the traditional holiday song structure. This engaging and informative approach aims […]

The post InQuest Presents "The Twelve Days of Maliciousness" appeared first on InQuest.

In the spirit of raising awareness about cybersecurity threats during the festive season, we’re excited to introduce our unique and thought-provoking holiday series, “The Twelve Days of Maliciousness.” This list will creatively highlight a different cyber threat for each of the twelve days, mirroring the traditional holiday song structure. This engaging and informative approach aims to educate and prepare individuals and organizations for the diverse range of cyber threats they face, especially during times of heightened digital activity. Check back each weekday to see the next “gift” on our list!

On the first day of Maliciousness bad actors gave to me: A document with embedded macros

A tried and true classic, document embedded macros are leveraged for malicious use by petty cyber criminals and APTs alike. The capability of living off the land with VB and PowerShell script allows threat actors access to a vast array of functions that ship on every Windows machine to deliver and execute obfuscated payloads or retrieve supplementary files from remote locations while bypassing User Account Control. Though it has seen a decline in popularity since Microsoft introduced Mark of the Web (MotW), disabling macros for documents acquired from the internet, this has not deterred the cybercriminal community from further development with macro based delivery methods. Including the weaponized document as an attachment is no longer viable, so threat actors pivot to other file formats and encapsulation methods coupled with enhanced social engineering tactics to ensure intended victims follow the necessary steps for initial access.

The post InQuest Presents "The Twelve Days of Maliciousness" appeared first on InQuest.