Are Office Macros posing an unnecessary threat?

By Euan Henderson
Cyber security Apprentice

The NCSC has released new advice on Macros. Last year it was reported that nearly half of detected malware deliveries were due to Office Macros.

The guidance advises that organisations begin to implement controls designed to mitigate the risk posed by Macros.

On macOS, it is recommended to harden the sandbox around all Office apps and disable the more dangerous Macro capabilities that are commonly exploited by malware.

On Windows 10, use the Antimalware Scan Interface (AMSI) or compatible anti-malware products such as ESET or Kaspersky (note that AMSI is only available on Windows 10 devices). AMSI can identify threats executing in Microsoft features such as PowerShell.

The NCSC is also suggesting that organisations begin to find alternatives to Macros, such as the application Microsoft Flow. This application should combine features from the Macro system and can be used, for example, in Excel to update tables and even ask permission before updating the data. It is believed that the majority of common Macro tasks can be replaced by Flow.

For Office 365 users, it is recommended to use Azure AD policies to block attachments that contain Macros.

For further information, please visit the NCSC blog on Malicious Macros.