As Office365 software applications continue to be used regularly by the majority of users in virtually all industries, the threats that lurk in the software suite affect practically all who use a computer, including systems administrators and users alike. While these threats are nothing new, certain developments have made them more dangerous – like how Microsoft started allowing the use of python scripts within Excel since September 2023 for instance, increasing the potential for malicious use. For these and other reasons, security awareness reminders on the threats posed by the Office365 suite is always practical. Cofense Email Security offers a detailed look for better awareness and understanding of these threats.

Embedded Links
Perhaps the most common tactic used by threat actors of varying skill is to distribute malware and conduct credential phishing by embedding links into documents. Cofense says malicious links have been seen to deliver more credential phishing than malware. Office documents can also be created and formatted in such a way as to build legitimacy and trust with users, making it more likely that the links will be clicked. There are also more creative ways to embed images and shapes that obfuscate the embedded links. It’s important to note that phishing links can be located not only inside emails, but also documents and attachments.

QR Codes
Similar to embedded links, QR (Quick Response) codes also find their way into Office documents with the same malicious intent. As many users have not received the same level of awareness training for malicious QR codes as they have malicious links, QR codes pose a significant threat. QR codes also offer more deception and obfuscation defenses making them more likely to bypass security email gateways (SEGs). As the popularity of malicious QR codes continues to grow, it’s becoming just as important to include this threat in regular security awareness trainings. WaterISAC has previously shared a timeless piece from AT&T surrounding the use and background of malicious QR codes and how to mitigate them.

Office Macros
Despite Microsoft’s global disabling the automatic execution of macros in Office documents received from the internet, end users are still able to manually “enable content” if presenting with the banner/notification.

Cofense dives deeper into the analysis of these methods and includes documentation concerning Office document vulnerabilities, such as CVE-2017-11882 and CVE-2017-0199, which have been widely used by threat actors. Members are encouraged to review these vulnerabilities and incorporate relevant information into security awareness curriculum. For the full article, visit Cofense.