
Microsoft Word bug: What you need to know

Software developers and hackers are in a constant game of cat and mouse. When cybercriminals find new security bugs to exploit, tech companies have to quickly release a solution that secures those vulnerabilities. Just this month, Microsoft released a patch to eliminate a Word exploit designed to steal user information. If you’re an avid Microsoft Word user, here’s what you need to know about the bug.

The attack
On April 10, cybersecurity firm Proofpoint discovered scammers running email campaigns to trick people into clicking malware-ridden Word attachments. The fraudulent emails, simply titled “Scan Data,” included attached documents that were named “Scan,” followed by randomized digits.

Although the emails seem harmless, opening the attached documents triggers a download of Dridex, a banking Trojan designed to give hackers direct access to your banking information. From there, they can simply log in to your online account and make unauthorized transactions under your name.

In 2015, the distribution of Dridex allowed cybercriminals to steal approximately $25 million from European accounts. And if your business fell victim to this malware, there’s a possibility your company might not be able to recover from the loss.

The solution
Fortunately, two days after the discovery of the bug, Microsoft released a security update that stops the dangerous documents from working, urging users to install the patch as soon as possible. But even though this route for delivering Dridex was closed relatively quickly, employees continue to be the biggest problem.

Like most malware attacks, Dridex was distributed via phishing campaigns that preyed on a victim’s trust and curiosity. Hackers added barely any text to the email, yet people were still fooled into opening the dangerous attachments.

To make sure Dridex never reaches your company, you must provide comprehensive security awareness training. In your sessions, encourage employees to practice safe computing habits, which include being cautious of online links, setting strong passwords, and avoiding downloads from untrusted and unknown sources.

Much like updating your software, keeping your staff’s security knowledge up to date on the latest threats is also imperative. Ultimately, your goal is to have employees with a security-focused mindset when browsing the web.

Of course, if security training and cybersecurity solutions are not your company’s specialties, you can always rely on a trusted managed services provider like us to protect your business. We can update and secure your systems regularly, and make sure your staff are actively doing their part to reduce security risks. Contact us today!

ron.pierce
