Office 365 Update to Help Protect you from Macro Based Malware

Office 365 Update to Help Protect you from Macro Based Malware

We are now in an era where it’s hard not to make use of new technologies such as Cloud Storage.  With your data available anywhere you are through the connection of the internet, this has helped many businesses become more flexible in their operations.  However, we are always skeptical on how safe our data is since our data is stored somewhere we do not know and if these locations are secure from cyber criminals.

Now if you are an Office 365 user, you can rest easy as they have just recently announced that they are now integrating their Antimalware Scan Interface (AMSI) to the app!  AMSI was integrated to Office 365 as a way to help improve security against attacks that make use of malicious macros and scripts that target office documents by detecting them early on or by stopping them from executing.  Below is a quote from the Microsoft Security Team for their reasoning in bulking up security against macro attacks:

“Macro-based threats have always been a prevalent entry point for malware, but we have observed a resurgence in recent years. Continuous improvements in platform and application security have led to the decline of software exploits, and attackers have found a viable alternative infection vector in social engineering attacks that abuse functionalities like VBA macros.”  

If AMSI is familiar to you, it might be because it isn’t something new as it was already being used by Microsoft as early as 2015 when they announced that Powershell adopted it as well for security purposes.  To give a background on AMSI, it is an open interface available on Windows 10 for applications to request, at runtime, a synchronous scan of a memory buffer by an installed antivirus or security solution. Any application can interface with AMSI and request a scan for any data that may be untrusted or suspicious.

If you want a more in depth read on how AMSI is helping protect you from attacks, you can read the original blog post from the security team here or you can contact us at 893 9515 and we will be happy to help you!