1(630)802-8605 Ravi.das@bn-inc.net

The good news this morning is that I should be receiving the final index for my new book which is coming out in July.  Once I approve the index, the book will be off to the printers for publication, at long last.  In the meantime, I have also started the quest on my new book, which deals with Cyber terrorism, Cloud Infrastructure, and the AWS.

I have already started to write Chapter 1, and in it I have talked about the  evolution to the Cloud by first “talking” about the history of the mainframes, the PC, and wireless networks.  After all,  they all did have an impact on the formation of the Cloud.

In it, I also have “talked” briefly about the history of the Microsoft Office, which we all know includes Word, PowerPoint, and Excel (there are probably even more than this, but this is all I use, primarily Word for my writing projects).  These software packages are no doubt used worldwide, and are also of the prime vehicles that are used by the Cyber attacker.

They are used mostly in Phishing e-mails, where you are coaxed to download a file (such as .XLS, .DOC, and .PPT) which actually contains malicious code.  Once you download that file and open it, your computer will more than likely be infected by a Trojan Horse virus, and you probably will never be aware of it.  This is the “backdoor” for the Cyber attacker, in which they can covertly get access to your usernames and passwords.

Now, Microsoft has just announced that it is adding JavaScript functionality to its Excel software package.  What is Java Script you may be asking?  It is defined as “an object-oriented computer programming language commonly used to create interactive effects within web browsers.”  So in other words, it is just a piece of software code which allows you to interact with the functionalities in your web browser in a dynamic, real time basis.

However, Java Script has also been the source for other forms of Cyber attacks, and when you couple that already with the security vulnerabilities that are already found in Excel, well, you get the recipe for a big disaster.  In fact, this was demonstrated by Security researcher Charles Dardaman how this can be done.

He demonstrated “ . . . how easy it is to embed the infamous in-browser cryptocurrency mining script from CoinHive inside an MS Excel spreadsheet and run it in the background when opened.”  (SOURCE:  https://thehackernews.com/2018/05/javascript-function-excel.html).

Now keep in mind, how Cryptocurrency scripting can be used as a Cyber threat is still above my head, and I promise to examine it in more  detail in future blogs.  But, I have reviewed articles on this very topic, and believe me it can be done.  The point of this post is to point out that JavaScript can be exploited to launch a Cyber attack in a malicious .XLS file.

However, the good news is that any form malicious code cannot just be installed immediately; rather users need to manually load and execute the JavaScript functions through the Excel add-ins feature for the first time.  Once this happens, then the JavaScript will then load up automatically after any .XLS is opened up (assuming that the Excel package has this JavaScript plug in already installed into it).

Also, keep in mind that any Java Script functionality has to connect to some sort of external server, because a web page is involved somewhere in the process.  Before this connection can be made, Microsoft will ask the end user if they want to connect to that particular server or not.  So, this is yet another fail safe that has been implemented.  Because of this, it has been deemed by security professionals that this Java Script functionality does not pose too much of a threat today, unless of course, a Cyber attacker has found a way to automate this entire process in the background.

Also, the JavaScript functionality is only available in limited editions of Excel, which include the following:   The Developer Preview edition for Windows, Mac, iPads and Excel Online that are available only to Office 365 subscribers.  If you want to learn how to import the Java Script functionality into Excel, here is the link to the documentation that you can follow:

https://docs.microsoft.com/en-us/office/dev/add-ins/excel/custom-functions-overview

Remember, always stay safe by downloading the appropriate software patches and upgrades (especially if you are using the desktop version of Excel), or use the Office 365 version. Since this one is Cloud based, it will probably be kept up to date automatically.