An attacker embedded a macro within a word processing file opened by a user in an organization's legal department.
The attacker used this technique to gain access to confidential financial data.
Which two recommendations should a security expert make to mitigate this type of attack? (Choose two.)
Click on the arrows to vote for the correct answer
A. B. C. D. E.AC.
The attack described in the question is an example of a malicious macro attack. Macros are scripts that can be embedded within a document or file to automate tasks, but attackers can also use them to deliver malware or gain unauthorized access to a system. To mitigate such attacks, the following two recommendations can be made:
Signed Macro Requirements: By default, Microsoft Office applications disable macros, but users can choose to enable them when prompted. Attackers take advantage of this by embedding malicious macros within files that are then opened by unsuspecting users. To prevent this, organizations can require that all macros be signed by a trusted entity before they are allowed to run. This ensures that only trusted macros are executed, and any attempts to run unsigned macros will be blocked.
Controlled Folder Access: Controlled folder access is a security feature in Windows 10 that protects files and folders from unauthorized access, including malware and ransomware. When enabled, it prevents unauthorized apps from making changes to files in protected folders, such as the Documents folder. By configuring controlled folder access to include the folder where legal department files are stored, any attempts to modify or access these files by unauthorized apps, including malware embedded in macros, will be blocked.
Therefore, options C and A are the two recommended solutions to mitigate this type of attack. Removable device restrictions, firewall rules creation, and network access control are not directly relevant to mitigating macro-based attacks.