Modern software often offers extra features through the use of code extensions such as using Python or in the case of Microsoft the macro. We all love the extra functionality – threat actors like the way this functionality allows them to slip malicious code through our defences to us.
Microsoft “fixed” the macro issue:
Microsoft Office Macros – The Good, The Bad and the Ugly – CyberAwake
However the hackers then moved onto OneNote and other software has similar functionality which can be exploited – so malware threats can be anywhere:
Malicious Code Can Be Anywhere – SANS Internet Storm Center
Did you know that malicious code could come into your organisation with an Autodesk file?
Your takeaway
Your organisation may not use Autodesk, but you use other software packages. Your the risk section of your cyber security plan should include those packages that have this risk.
Clive Catton MSc (Cyber Security) – by-line and other articles