Tech Tuesday: A Favorite Hacker Method Killed by Microsoft

Locked door


Malicious hackers are something like artists in that they have favorite methods in doing what they do. Much in the same way Rembrandt, Pollock, and Monet, hackers have a style. Usually, that style serves as a signature, and that signature is their own trusted method in getting the job done. However, while the styles of artists differ radically, the base skill—be it painting, music, or otherwise—all come from a foundation. Musicians create music with notes. Artists create art with a media like paint or stone. And some hackers, in order to get their mayhem underway, utilize macros that aid them in infiltrating systems.

Microsoft has decided the best way to handle hackers: take away their tools.

With Office 2016 now making its way to consumers worldwide, Microsoft is unveiling a macro-blocking feature that will remove the preferred exploit cyber-criminals have used for years to infiltrate and infect computers. Enterprise administrators will now be granted permissions to block macros used to run legitimate tasks while simultaneously connecting to the Internet for downloading software. Typically, malicious hackers utilize these multitasking commands in an attachment to an internal email. Posing as someone inside the company and instructing the recipient to open the file, the user would be given a dialog box instructing to enable macros, thereby beginning a chain of events leading to malware from the Internet and a compromised computer. System administrators were fed up with users enabling macros that were usually turned off, and for good reason: Security. In this 2016 upgrade, provided administrators have turned off macros, users cannot override administrative rules and turn on macros.

This upgrade has administrators jumping for joy and breaking out the champagne. About 91% of the targeted attacks start with fishing emails and Microsoft’s own stats show that 98% of the threats involve Office software using macros. On this blog we have not only discussed the importance of cybersecurity and taking precautions when online, but we have also discussed the real dangers of user error. From shoddy passwords to overheard phone calls on commuter train, social engineering is no longer a tactic employed by the most clever of malicious hackers. Careless and cavalier computer users who believe “Why would anyone want to hack my computer?” make data breaches and identity theft almost as easy as crossing the street with the “Walk” sign giving you right-of-way. Microsoft has taken a huge step forward in helping protect ourselves from malware, keylogging apps, and viruses that can complicate everyday operations at your business, be that business small, medium, or super-sized with a 36-ounce soda. The truth remains that when it comes to keeping the hackers at bay, the best and strongest security begins with the individual. If something seems suspicious, don’t hesitate. Call the sender, confirm the attachment is safe. If a macro is needed for an attachment, stop right there and contact IT for support.

Cybersecurity is not rocket science. In fact, a lot of it is common sense peppered with a touch of caution. Who knows? Those few seconds for confirmation could very well save you and your business time and money. Just something to think about before blindly clicking the “OK” button. 




shurtz.jpgA research physicist who has become an entrepreneur and educational leader, and an expert on competency-based education, critical thinking in the classroom, curriculum development, and education management, Dr. Richard Shurtz is the president and chief executive officer of Stratfdord University. He has published over 30 technical publications, holds 15 patents, and is host of the weekly radio show, Tech Talk. A noted expert on competency-based education, Dr. Shurtz has conducted numerous workshops and seminars for educators in Jamaica, Egypt, India, and China, and has established academic partnerships in China, India, Sri Lanka, Kurdistan, Malaysia, and Canada.



Leave a Reply

Your email address will not be published. Required fields are marked *