Handling Malicious Microsoft Office Files During Incident Response

When handling a security breach, the incident response team will collect suspicious files and evidence from the compromised endpoint in order to investigate the incident. One of the challenges IR teams face is finding all of the malicious files that were used in the attack and classifying them into their relevant malware family. Binary files are usually the main suspect: we know that malicious code was executed, so we search for suspicious binary files containing this code (looking for recently installed programs, for example). Non-binary files like Microsoft Office documents should also be carefully examined, because they can be the first stage of the attack that caused the malware execution to begin with.

Office documents are widely used by threat actors to deliver malware. Phishing attacks are one of the most common causes of security breaches according to Verizon's 2021 Data Breach Investigations Report, and most phishing attacks arrive via emails containing malicious attachments. A seemingly innocent Microsoft Word file, for example, can be the initial infection stage of a dangerous attack in which a threat actor uses a document to deliver malware. All the most common file types that can be used to deliver malicious code, including Microsoft Office files, are supported in Intezer Analyze.