Cybercriminals use e-mail attachments, among other things, to deliver malware to potential victims, for example as an Office file with macros or as an Excel add-in (.xll file). As more and more formats, such as directly executable files, are blocked and filtered out as malware, attackers are turning to other formats. Microsoft has identified Excel add-ins from the internet as an acute threat and intends to block them shortly.
Source of danger: external extensions
Excel add-ins have been a growing threat for some time. HP’s security department Wolf warned in its quarterly report 4/2021 that the number of attackers using Excel add-ins to infect systems had increased almost sixfold. In addition, HP’s IT security specialists have observed a growing number of malware families that cybercriminals spread using this technique.
The IT security experts at Cisco Talos confirm that the trend continued last year. “Currently, a significant number of advanced persistent threats and commodity malware families use XLL files as an infection vector, and this number continues to grow,” the company wrote just before Christmas last year.
Microsoft apparently sees it the same way. The Microsoft 365 development roadmap now says under “in development”: “Excel: Block XLL add-ins from the internet”. As an explanation of the entry, the developers write: “To combat the increasing number of malware attacks in recent months, we are introducing measures that block XLL add-ins from the Internet.”
The change targets the desktop version of Excel from the Office suite. Microsoft Office is also to be updated accordingly in the cloud instances. Microsoft’s developers don’t have much time: the company is already planning general availability for March of this year.
In the middle of last year, Microsoft had already tackled some weak points in Windows security. At that time, developers hardened RDP, Microsoft Office and protected processes, for example.
(dmk)