Malware and toolkits as a service are readily available in certain forums. An individual with malicious intent yet lacking the skillset necessary may acquire the tools needed to bypass antivirus scans and deliver malware to their target. It is useful to have detections in place to alert when unusual child processes spawn from Excel or Word processes. As noted in the referenced analysis, this toolkit uses techniques able to bypass most email based phishing detections. The need for awareness training and incentives for identifying malicious behavior, email, and documents is paramount to a solid risk management plan. Unfortunately, infection usually starts with an honest mistake, not a highly sophisticated chain of exploits. In order to combat this it is recommended that on top of employee awareness and incentive programs a solid team providing Security Operations Center defense and as stated in the Senate hearing concerning the Solar Winds attacks. Threat Hunting serves as a force multiplier in defensive operations and can be the mitigating factor between a breach and a data leak or ransomware encryption. Binary Defense offers both these solutions with teams readily available 24/7 to assist.

CheckPoint Research blog: https://research.checkpoint.com/2021/apomacrosploit-apocalyptical-fud-race/

https://securityaffairs.co/wordpress/114880/cyber-crime/apomacrosploit-macro-builder.html?utm_source=rss&utm_medium=rss&utm_campaign=apomacrosploit-macro-builder

https://www.intelligence.senate.gov/hearings/open-hearing-hearing-hack-us-networks-foreign-adversary

https://research.checkpoint.com/2021/apomacrosploit-apocalyptical-fud-race/