Hello, welcome to the Thursday, February 13th, 2020 edition of the Santernet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Well, Brad wrote up what he's currently seeing with password-protected zip files, not the latest trick,

to actually get people to install

malicious code on their system.

But apparently still working, he found 66 different password-protected SIP archives just

for Tuesday this week.

And, well, they sort of all do the same thing.

Once you unsip the archive and the password

is usually three digits like one one one or two two two and you have to of course enable macros

and what you'll end up with is you are sniff which is known for stealing passwords and banking information and connecting back

to a command and control server.

Also interesting that these particular emails were written in Italian.

Of course, we have seen this where the bad guys are venturing out into various languages

in order to find new pools of users that may not

be quite as used to these tricks. Sadly, these documents with macros still continue to be a huge

problem even though, well, everybody should know that this is how a lot of compromise is

happening by now, but a lot of companies still use macros, so users can't just not enable

them to help with this.

Microsoft is starting to experiment with a feature they're calling safe documents.

Essentially the way it works is if a user

does open a document in protected view, this feature will scan the macros in the document and

...