Did you know macros are code, too? When we think about code signing, we typically think of software supply chains and modern cloud native architectures. But there may not be a simpler, arguably more elegant way to ransom a corporate network than via the humble macro.
You may say, “Well, that’s why we require our employees to take yearly cybersecurity training, so they don’t do that!” But no matter how well trained your employees are, it only takes one distracted employee to click on one macro for a ransomware attack to launch.
A machine-centric approach has become essential to combatting ransomware. That’s what one transportation company learned when a ransomware attack brought down a significant portion of the company’s network.
Macros are code: a 'smack' in the head
The attack halted their logistics and brought down their customer service. This impact was amplified when the company decided to take down all the virtual servers infected by the ransomware and restore them from previous backups rather than comply with the attacker’s demands of a multimillion-dollar payoff. Although InfoSec wasn’t sure how the servers had been compromised, they did know that a phishing email with an attached malicious Microsoft Office macro was sent to several company employees not long before the ransomware attack took place.
When the Venafi team asked if senior leadership knew that macros and scripts could be code signed, the director of PKI admitted they didn’t: “When it clicked that our Office macros and PowerShell scripts were code just like anything else—well, it was a real ‘smack-my-head’ moment.”
Automated security controls via CodeSign Protect
Venafi showed how automated security controls for code signing could disable and remove any unsigned macro. Even better, the Venafi solution, CodeSign Protect, automated everything having to do with signing code, including managing the lifecycle of code signing keys and certificates, as well as enforcing security policy. And it worked seamlessly with users’ preferred toolsets, whether they were developers writing apps using DevOps methodologies or IT team members writing PowerShell scripts.
Finally, the company needed a solution that could scale quickly to manage the security of all their macros and PowerShell scripts. Said the director of PKI services:
“Not only is it easy to use, but it’s also incredibly flexible. Now we can have one set of code signing security policies specifically for signing of Office macros, another, more stringent policy for critical IT infrastructure shell scripts and then an appropriate set of policies for the logistics software we share with our partners.”
Want to read more?
The full case study has the details. But before you go, here’s a rave from the director of PKI services:
“No more complexity. No more overhead. My team now can support our thousands of employees without worrying about their levels of expertise or skill. This level of simplicity is essential to ensure widespread adoption across our enterprise—the only way code signing serves as an effective means to help stop future ransomware attacks.”