Even though infecting office documents with malware has been established for a long time, it is still very successful at tricking people. After creating a malicious macro on office documents, threat actors send the infected file to thousands of people via email and wait for possible victims. Macro is a series of commands bundled together to accomplish a task automatically.

According to recent Atlas VPN team findings, 43% of all malware downloads are malicious office docs. Harmful office files are popular among cybercriminals as they usually can evade many antivirus software from detection.

The findings are based on Netskope Threat Lab Cloud and Threat Report: July 2021 Edition. The research covers various office documents from all platforms such as Microsoft Office 365, Google Docs, PDFs, etc.

A year ago, in the second quarter of 2020, only 14% of all downloaded malware were malicious office docs. After that, in the third quarter of last year, the percentage jumped to 38%. Such an increase was mainly influenced by remote work as cybercriminals found malware-infected documents to be effective.

Later on, downloaded malicious office documents slightly decreased to 34% in Q4 2020 and Q1 2021. Despite that, downloaded malware as office documents went right back up to new highs at 43% the next quarter.

One of the most dangerous malware EMOTET was spread via Word documents before being disrupted in early 2021 by global law enforcement. What made EMOTET dangerous is that it opened doors for other malware installations such as information stealers, trojans, and ransomware.

It seems EMOTET’s success spread quickly in cybercriminal groups, inspiring more hackers to try out a similar technique. Another reason for malicious document success is that they can bypass antivirus and tend to manipulate being a trustworthy source.

For example, cybercriminals would mask malicious files and emails during the pandemic as registration for the vaccine or some other financial benefits. It is easier to make people fall for malware when it is associated with reliable documents.

Document-based malware protection

Malware-infected document attacks are made to take advantage of the user’s possible inability to recognize the risk. The best protection can only be achieved with a combination of cybersecurity awareness, training, and security software.

Do not open unsolicited attachments or links from unexpected emails. If the email is claiming to be a recognizable company or person, make sure the email address matches the actual organization’s address and look out for grammatical errors in the email itself.

Businesses should train their employees and educate them on cybersecurity risks. A significant amount of data breaches happen due to human error. Because of that, employees must be prepared to deal with phishing emails or any other type of cyberattack.

Make sure your device systems and software are updated to the latest version. New updates patch security vulnerabilities that malware actors often exploit. In addition, the latest version of antivirus software can recognize new malware threats.

Cybercriminals have benefited from the popularity of Microsoft Office, Google Docs by inserting malicious code into the files. Organizations must implement and maintain a cybersecurity strategy addressing both the technological and human components to protect users from falling victim to malware threats.