MALWARE EMBEDDED IN MICROSOFT OFFICE DOCUMENTS | DDE EXPLOIT (MACROLESS)
Hiding malicious code within a macro is a malware technique well known to attackers and defenders alike, and even end users have heard the message that they need to take care when opening documents from unknown sources that contain macros. Many enterprises enforce a policy that blocks macros or strips VBA code from email attachments. What is less well known is that attackers can make a document run code without any macro at all: Word's Dynamic Data Exchange (DDE) field codes, DDE and DDEAUTO, instruct the application to launch another program and hand it a command line. Because DDE is a legitimate feature rather than VBA, macro-blocking and VBA-stripping controls do not apply, and a document carrying such a field can get past defenses built around macros.
Read the full post at SentinelOne blog
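Since the field code sits in plain XML inside the .docx container, a practitioner can check attachments for it without opening them in Word. The scanner below is an added example written for this page, not code from the original post or from SentinelOne; the sample document it scans is constructed in memory and is not a real malware sample. It joins the instruction text of each field back together before matching, because a field's instruction may be split across several w:instrText runs in the file, which defeats a naive string search for "DDEAUTO".

```python
"""Scan a .docx for DDE / DDEAUTO field codes (macroless code execution).

Added example for this page; assumes only the standard library.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Tuple
from xml.sax.saxutils import escape

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{%s}" % W_NS

# Field keywords that make Word start an external program via DDE.
DDE_RE = re.compile(r"\bDDE(?:AUTO)?\b", re.IGNORECASE)

# Constructed sample: one DDEAUTO instruction deliberately split over three runs.
SAMPLE_RUNS = ["DDE", "AUTO c:\\\\windows\\\\system32\\\\cmd.exe ", '"/k calc.exe"']


def extract_field_codes(xml_bytes: bytes) -> List[str]:
    """Return every field instruction in one WordprocessingML part.

    Word stores a field either as <w:fldSimple w:instr="..."/> or as a run of
    <w:fldChar w:fldCharType="begin"/> ... <w:instrText>...</w:instrText> ...
    <w:fldChar w:fldCharType="end"/>.  All instrText between a begin marker and
    its matching end (including nested fields) is concatenated into one code.
    """
    root = ET.fromstring(xml_bytes)
    codes = [el.get(W + "instr", "") for el in root.iter(W + "fldSimple")]
    buf, depth = None, 0
    for el in root.iter():  # document order
        if el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                if depth == 0:
                    buf = []
                depth += 1
            elif kind == "end" and depth > 0:
                depth -= 1
                if depth == 0:
                    codes.append("".join(buf))
                    buf = None
        elif el.tag == W + "instrText" and buf is not None:
            buf.append(el.text or "")
    return codes


def scan_docx(data: bytes) -> List[Tuple[str, str]]:
    """Return (part name, normalised field code) for every DDE field found
    in any XML part under word/ (body, headers, footers, footnotes...)."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            try:
                codes = extract_field_codes(z.read(name))
            except ET.ParseError:
                continue
            for code in codes:
                if DDE_RE.search(code):
                    hits.append((name, " ".join(code.split())))
    return hits


def build_sample_docx(instr_runs: List[str], part: str = "word/document.xml") -> bytes:
    """Construct a minimal .docx in memory whose body holds one complex field
    with its instruction spread over the given runs (constructed test input;
    a real .docx carries more parts, which the scanner does not need)."""
    runs = "".join(
        '<w:r><w:instrText xml:space="preserve">%s</w:instrText></w:r>' % escape(r)
        for r in instr_runs
    )
    document = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<w:document xmlns:w="%s"><w:body><w:p>' % W_NS
        + '<w:r><w:fldChar w:fldCharType="begin"/></w:r>' + runs
        + '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
        + '<w:r><w:t>placeholder</w:t></w:r>'
        + '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
        + "</w:p></w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(part, document)
    return buf.getvalue()


if __name__ == "__main__":
    for part, code in scan_docx(build_sample_docx(SAMPLE_RUNS)):
        print("DDE field in %s: %s" % (part, code))
```

Run against a real file with `scan_docx(open("attachment.docx", "rb").read())`. The check is deliberately about field codes, not about the presence of a `vbaProject.bin` part, which is exactly the control a DDE document sidesteps; a mail gateway that only strips VBA will pass such a file unchanged.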
How is SentinelOne Addressing It?
SentinelOne implements several detection layers on the agent itself and therefore does not need to rely on connectivity to prevent the execution of malicious DDE code. The demo video below shows the agent detecting the attempt and rolling the device back to its pre-infection state. The video was recorded with a Detect-only policy in force; in a real-life deployment, users would typically run a Protect policy, which blocks the malicious execution outright and makes remediation unnecessary.
Contact us here at Mobisec Technologies for more details on how SentinelOne can protect your organization from current threats: firstname.lastname@example.org