The Microsoft Excel is one of the most used programs. This makes it an attractive target for hackers. Indeed, it has been found recently that some of the legitimate features of the program itself can help even more hackers. In short, the program itself creates a problem for itself.
Researchers from the company Mimecast they discovered that an Excel feature with the name Power Query, can hackers make it easier for them to attack Office 365. Power Query enables users to combine data from different sources with a spreadsheet. However, this mechanism for connecting various elements can be used by them hackers to connect with one malicious site, containing malicious software. In this way, attackers can spread malicious excel spreadsheets and gain access to victims' systems.
"Attackers do not have to do much advanced attack. They can simply open Microsoft Excel and use their own tools"Says Meni Farjon, Mimecast's lead scientist. “The exploit will work on all versions of Excel as well as newer versions, and will probably work on all operating systems and programming languages, because it is based on a legitimate feature.
When Power Query connects to a malicious site, attackers can start one Dynamic Data Exchange attack, which exploits a Windows protocol that allows applications to share data in an operating system. Invaders can integrate commands that enable DDE on their site and then use Power Query commands on a malicious spreadsheet to merge site data with spreadsheets and start the DDE attack.
Η Microsoft permanently warns users when it comes to linking two programs, but hackers manage to cheat the victims with DDE attacks (both in his documents Word as well as Excel spreadsheets) from 2014.
2017, Microsoft had advised users on how to avoid them attacks. He proposed to disable the DDE for his various programs Office suite. However, the attacks continue. When the researchers unveiled their findings on Power Query, Microsoft, in June of 2018, the company said it would not make any changes to the feature. Indeed, there has been no change since then. Farjon said his company had been waiting until now to reveal the findings publicly, hoping Microsoft would make a change. Meanwhile, during this time there is no evidence that Power Query is being used in attacks. These attacks are hard to identify because they come from a legitimate feature.
"Unfortunately, I think the attackers will certainly use it"Says Farjon." It's easy, exploitable, cheap and reliable"
Meanwhile, last week, Microsoft informed its users that hackers are exploiting another Excel feature to breach Windows machines, even if they have the most recent ones security updates. This attack, which seems to be primarily aimed at Koreans, starts with malicious macros. This attack is a big problem for Word and Excel for years.
Office 365 users want new, useful features, but any new feature may be a new risk. The more capable and more flexible the programs, the more hackers can exploit them. Microsoft said its scanning system Windows Defender was able to block last week's macro attacks, because he knew what he had to look for. But Mimecast's findings show that hackers always find ways to get into the systems and infect them with malicious software.
Microsoft says both malicious macros and Power Query can be controlled using a management feature Office 365, called "group policies". This feature allows administrators to customize settings on all of their organization's devices at the same time.