You can hack banks with this Microsoft Excel attack

According to information security audit specialists, a Microsoft Excel feature called Power Query could be used by threat actors to inject malware into remote systems. Experts at Mimecast Threat Center described, through a proof of concept, how the vulnerability could be exploited.

Power Query enables Excel users to embed external data sources in Office service worksheets. The security firm described an attack method that launches a remote DDE (Dynamic Data Exchange) attack against a spreadsheet to deliver a malicious payload and control it through the compromised function.

According to information security audit specialists, Power Query could also be used to launch complex, hard-to-detect attacks that combine several attack vectors. By exploiting this feature, hackers could attach malware to a data source outside Excel and have the content loaded into the spreadsheet when the user opens it.

The experts say that Microsoft collaborated with them during the disclosure process; however, the company has decided not to release a fix for this vulnerability. Instead of patching the bug, Microsoft suggests that users mitigate the risk with a workaround: a security advisory it has issued on protecting applications when the DDE feature is used.

One of the possible attack vectors begins with hackers hosting an external web page on an HTTP server containing the malicious payload that will be delivered to the spreadsheet. “The HTTP server listened locally on port 80 and served DDE content in response when a spreadsheet request was received,” information security audit experts said.

If the user chooses to allow external data to be loaded into the Excel worksheet cell, the attack begins. According to the experts of the International Institute of Cyber Security (IICS), to make the DDE run, the user must double-click the cell that loads the DDE and then click again to release the load. Those operations will activate the DDE and launch the payload that was received from the attacker.
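
A defender-side triage check for the pattern described above, a workbook that has a Power Query connection and cell content shaped like a DDE formula. This is an added example, not code from Mimecast or Microsoft; the function names, finding labels and the sample workbook parts are constructed for illustration, and the markers it looks for (the Microsoft.Mashup provider string, `webPr` and `ddeLink` elements) are the ones Excel's file format uses for Power Query connections, web queries and DDE links.

```python
import html
import io
import re
import zipfile

# Excel reads "=service|topic!item" as a DDE formula; +, - and @ also start a formula.
DDE_FORMULA = re.compile(r"^\s*[=+\-@]\s*[\w.]+\s*\|.+!", re.S)
CELL_TEXT = re.compile(rb"<(f|t)\b[^>]*>([^<]+)</\1>")

def looks_like_dde(text):
    """True if cell text has the shape of a DDE formula."""
    return bool(DDE_FORMULA.match(text))

def audit_workbook(data):
    """Return sorted findings for an .xlsx/.xlsm file passed as bytes."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            raw = zf.read(name)
            if name == "xl/connections.xml":
                if b"Microsoft.Mashup" in raw:   # Power Query OLE DB provider
                    findings.add("power-query-connection")
                if b"<webPr" in raw:             # legacy web query
                    findings.add("web-query")
            elif name.startswith("xl/externalLinks/") and b"<ddeLink" in raw:
                findings.add("dde-link")
            elif name.startswith("xl/worksheets/") or name == "xl/sharedStrings.xml":
                for tag, body in CELL_TEXT.findall(raw):
                    text = html.unescape(body.decode("utf-8", "replace"))
                    # <f> bodies are stored without the leading "="
                    if looks_like_dde("=" + text if tag == b"f" else text):
                        findings.add("dde-shaped-cell")
    return sorted(findings)

def build_sample(cell_text):
    """Constructed minimal workbook parts (not a complete, openable .xlsx)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/connections.xml",
                    '<connections><connection id="1" name="Query - Query1"><dbPr connection='
                    '"Provider=Microsoft.Mashup.OleDb.1;Data Source=$Workbook$;Location=Query1"/>'
                    "</connection></connections>")
        zf.writestr("xl/sharedStrings.xml",
                    "<sst><si><t>%s</t></si></sst>" % html.escape(cell_text))
    return buf.getvalue()

if __name__ == "__main__":
    # Placeholder service/topic names; no real command is referenced.
    print(audit_workbook(build_sample("=EXAMPLEAPP|'topic'!A1")))
```

A workbook that reports both a Power Query connection and a DDE-shaped cell is worth quarantining for manual review; a Power Query connection on its own is common in legitimate reporting workbooks.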