Detecting the Difference Between Word Docs and Weaponized Docs


With every new innovation in technology comes the need for protection to match it. In recent years, weaponized documents, or files that appear to victims as everyday Microsoft Office files or emails, have become a top malware-delivery mechanism for cybercriminals. Enterprises are six times more likely to be hit by a malicious document than any other threat, and these documents can install ransomware or trojans that can be used to infect companies, cripple processes, scramble data, and a host of other disruptive acts.

Imagine one day you get an email from a known contact, such as a coworker or relative. Attached to their email is a Word document, so you click on it to see what they have shared. But what’s gone unnoticed is the almost indiscernible change that’s been made to their email address: a dash instead of a period, a zero instead of the letter “o.”

This tiny alteration makes a huge difference. After all, how many people know the exact email address of every contact they have? It’s impractical to expect an individual to maintain that level of scrutiny when performing a task as simple as checking their email. So with a single click, malicious code is silently executed on the network. Even more problematic, these weaponized documents can arrive not only as email attachments, but also as web downloads or files on shared drives.

Weaponized document detection

Most endpoint security solutions identify known document threats through techniques like signatures, heuristics, or file reputation. While these antivirus techniques used to be effective, they are not very user-friendly, and they pale in comparison to today’s threats.

The most common malware seen today can be categorized as zero-day, near-zero-day, and polymorphic threats, meaning it has been altered specifically to circumvent traditional techniques. Since a majority of document-based attacks now come in these forms, antivirus techniques such as signatures or heuristics are no longer able to stay ahead of malware.

What does this mean?

These threats require a new era of endpoint security: one that can detect and protect organizations from files that have been altered to evade antivirus programs. SparkCognition’s AI-based document detection engine, DeepArmor, uses patented and patent-pending algorithms to analyze documents and detect threats before the malware has the chance to be executed. By analyzing the DNA of common files, DeepArmor can detect executables, macros, and scripts in files that appear safe.
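As an added example (not SparkCognition’s code and not a description of how DeepArmor works), here is a simple static check in the spirit of the paragraph above: it inspects an Office Open XML package for the parts that carry VBA macros, regardless of what the file name promises. The sample documents it builds are constructed, minimal packages rather than real Word files.

```python
import io
import zipfile

# Content types used by Word for the main document part (these are real OOXML values).
MACRO_CONTENT_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CONTENT_TYPE = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML zip with or without a VBA project part."""
    ctype = MACRO_CONTENT_TYPE if with_macro else PLAIN_CONTENT_TYPE
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{ctype}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a real compiled VBA project (constructed).
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


def inspect_office_file(data: bytes) -> dict:
    """Look inside the bytes, not at the extension: report macro-bearing parts."""
    findings = {"is_ooxml": False, "has_vba_project": False, "macro_content_type": False}
    if not data.startswith(b"PK"):  # OOXML packages are zip archives
        return findings
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            findings["is_ooxml"] = "[Content_Types].xml" in names
            findings["has_vba_project"] = any(n.lower().endswith("vbaproject.bin") for n in names)
            if findings["is_ooxml"]:
                ct = z.read("[Content_Types].xml").decode("utf-8", "replace")
                findings["macro_content_type"] = "macroEnabled" in ct
    except zipfile.BadZipFile:
        pass  # not a valid zip: leave every flag False
    return findings


def is_suspicious(filename: str, data: bytes) -> bool:
    """Flag any file carrying a VBA project, and any macro-enabled content hiding behind a plain .docx/.dotx name."""
    f = inspect_office_file(data)
    looks_plain = filename.lower().endswith((".docx", ".dotx"))
    return f["has_vba_project"] or (looks_plain and f["macro_content_type"])
```

A check like this catches only the presence of macros; it says nothing about what the macro does, which is why the text above argues for analysis beyond simple structural indicators.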

DeepArmor Enterprise version 1.40.0 was created by the cyber defense team to provide even better protection; it is the first endpoint protection solution to apply machine learning to the pre-execution detection of weaponized documents. This newest version incorporates comprehensive reporting functionality that can be customized by user, device group, and time period. Additionally, it provides enhanced offline protection capabilities, so that DeepArmor’s AI detection engine can provide full protection for both online networks and isolated or disconnected ones.

More simply stated, when you get that email from your “coworker,” DeepArmor would be able to detect and protect against any malicious files, whether or not you catch them yourself.
