Hackers are now able to use Microsoft 365 Excel features against the program. Using the spreadsheet application designed by Microsoft, attackers are able to manipulate Excel to launch their digital strikes by using the Excel feature called Power Query, and almost every user of the program is at risk of the hack.
Mimecast revealed the problem with their chief scientist, Meni Farjon, stating:
“Attackers don’t need to invest in a very sophisticated attack—they can just open up Microsoft Excel and use its own tools”
Farjon continued by saying that the hacks have “basically 100 per cent reliability” working best on the older versions which haven’t been kept up to date with Microsoft’s security advancements, but will it will still work on the newer versions of the software and across all system versions (i.e. Windows, Mac, Linux, etc.)
Microsoft has previously suggested ways to prevent these hacks taking place, such as disabling the DDE for various Office suite programs, but because the feature is an authorised feature of the program, it is not possible to fully combat the hacking ability to date.
Due to the legitimacy of the feature, it is difficult to detect the hackers but Mimecast suggests that they are yet to uncover a considerably malicious attack using this method.
However, Farjon believes it won’t be long before it is used maliciously because “it’s easy, it’s exploitable, it’s cheap, and it’s reliable.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.