Microsoft is adding extra protection to OneNote, one of the many productivity tools included with Microsoft 365, after hackers started abusing it to deliver malware (opens in new tab) en masse.
According to a new roadmap entry for Microsoft 365, spotted recently by BleepingComputer, OneNote will display an extra warning notification when a user tries to run a high-risk file.
In the “Microsoft OneNote: improved protection against known high risk phishing file types” article, the company said the change should be live by the end of April this year.
Protecting your business from the biggest threats online (opens in new tab)
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.
Alternatives to weaponized macros
"We add enhanced protection when users open or download an embedded file in OneNote," Microsoft said in the advisory. "Users will receive a notification when the files deem dangerous to improve the file protection experience in OneNote on Windows."
> 8 essential Microsoft OneNote tips (opens in new tab)
> Malicious use of Microsoft OneNote documents on the rise (opens in new tab)
> Microsoft OneNote attachments are being used to spread malware (opens in new tab)
Hackers turned to OneNote after Microsoft blocked Excel from running macros in files downloaded from the internet. Macros were one of the most popular attack vectors for threat actors, but ever since the Redmond giant made the change, threat actors have been experimenting with a number of alternatives.
One that has been catching on is the distribution of OneNote files with attachments, which, like macros, can be manipulated to download and run malicious files hosted on third parties.
To make sure victims activate the attachments, the hackers would create a file that looks blurred, with a huge overlaid button saying “click here to view” or something similar. The explanation behind this approach is that the file is “protected”.
Using OneNote to deliver malware started grabbing cybersecurity pros’ attention in December last year, BleepingComputer reported, citing a Trustwave report.
Besides OneNote files, hackers have also been distributing shortcut files (.LNK), as these could come with pretty much any icon (for example, an icon of a .PDF file) and are not inherently malicious.
- Check out the best small business software (opens in new tab) right now
Via: BleepingComputer (opens in new tab)