• Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
  • English English English en
  • Deutsch Deutsch German de
Sales: +49 5251 304-800 | Support: +49 5251 304-636
NoSpamProxy
  • HOME
  • PRODUCT
    • NoSpamProxy Cloud
    • NoSpamProxy Protection
    • NoSpamProxy Encryption
    • NoSpamProxy Large Files
    • NoSpamProxy Disclaimer
  • SUPPORT
    • Knowledge Base
    • Forum
    • Training courses
    • Support Request
    • Software-Download
    • Resources
  • PARTNERS
    • Finding Resellers
    • Becoming Reseller
    • Partner Portal
  • COMPANY
    • Team
    • Testimonials
    • Career
    • Contact
  • EVENTS
    • Events
    • Webcast Training
  • BLOG
  • FREE TRIAL VERSION
    • Price request
    • Free trial version
  • English
    • Deutsch
  • Search
  • Menu Menu
  • Textbasierte CSV-Injection-Angriffe erfolgreich abwehren

Successfully fend off text-based CSV injection attacks

Author: Micha PekrulSaaS Platform Managerhttps://www.linkedin.com/in/micha-pekrul/–Auf LinkedIn vernetzen

Currently, criminals are trying to install malware via text-based CSV files. This was reported this week by security researcher Chris Campbell and the US magazine BleepingComputer. The phishing wave is also known as “CSV Injection“.

04.02.2022|last modified:26.10.2022

Dynamic Data Exchange enables attacks

A feature for the dynamic data exchange (Dynamic Data Exchange or DDE for short) in Microsoft Excel, to which CSV files are usually linked, enables this approach. Microsoft released security enhancements as defense-in-depth measures for Excel in a January 2022 update. In previous updates, such as in 2018, controls were added to allow DDE to be configured in Excel. With the January update, Microsoft disabled DDE in all supported versions of Excel.

CSV Injection - Excel with calc.exe spawned

In order to get a CSV file in Microsoft Excel to start a program like “calc.exe” at all via DDE, you must re-enable the “DDE server start” option in the Trust Center on a fully patched system. As with documents with macro functionality, appropriate notes must be nodded off.

If you have not dealt with the issue of DDE in Microsoft Excel before, now is a good time to take a closer look at this potential threat. For most companies, it should certainly be enough to disable this often rather unknown functionality and roll out the new update.

How to protect yourself from CSV injection attacks with NoSpamProxy

CSV Injection Contentfilter

A CSV file is recognized in the NoSpamProxy file type “Plain text”.

If such CSV files prepared with DDE functionality are sent as attachments via NoSpamProxy, they are correctly recognized as file type “Plain text”. So that you can filter them accordingly in the content filter, you must resort to an AND condition between file type “Plain text” and file name “*.csv”.

CSV Injection Contentfilter Configuration

An AND condition filters on CSV files.

Now you can adjust the content filter according to your own needs. If CSV files are not needed at all in the company, you can reject the email completely. Or you can make a decision with the help of the level-of-trust filter. This distinguishes between trusted and untrusted communication partners. If you have licensed “Larges Files”, you can also separate a CSV file from the e-mail for security purposes, upload the attachment to the Web Portal and have it released there if required.

Basically, since the end of 2018, we propagate the so-called “email firewall“. We recommend to prohibit all files and only selectively – as with a firewall – allow individual required formats. So if in doubt, do not accept CSV files for the time being.

Not yet using NoSpamProxy?

With NoSpamProxy you reliably protect your company against cyber attacks. Request your free trial version now!

Get your free NoSpamProxy trial now
  • share 
  • share 
  • tweet 
  • email 

SEARCH

PRODUCT

  • All Topics
  • NoSpamProxy Cloud
  • NoSpamProxy Protection
  • NoSpamProxy Encryption
  • NospamProxy Large Files

Knowledge Base

Knowledge Base

Note: The information in this knowledge base is only relevant for NoSpamProxy up to version 13.2. All information for NoSpamProxy 14 and higher can be found in the online documentation.

CATEGORY

  • All Topics
  • News
  • Product
  • Tech & Support
  • Events
Subscribeto RSS Feed

NoSpamProxy

  • NoSpamProxy Cloud
  • NoSpamProxy Encryption
  • NoSpamProxy Large Files
  • NoSpamProxy Disclaimer
  • Price request
  • Team
  • Career
  • General terms and conditions
  • Data Protection Information for Business Partners and Applicants
  • Cybersecurity (PSIRT)

Partners

  • Becoming a reseller
  • Partners
  • Order Certificates
  • Newsletter

Categories

  • All topics
  • News
  • Support
  • Updates
  • Order certificates

Latest News

  • Info IconCritical Outlook vulnerability: No threat to NoSpamProxy customers24.03.2023 - 15:09
  • Default filter settings in NoSpamProxy 1422.03.2023 - 10:00
  • NoSpamProxy UpdateGlobal Rollout NoSpamProxy Version 14.0.515.03.2023 - 15:20
IMPRINT • EULA • Privacy Policy • © 2023 Net at Work GmbH
  • Rss
  • LinkedIn
  • Youtube
  • Twitter
  • Instagram
Promotion: Five champion stars bring rich discountsNoSpamProxy Rabattaktion Cloud Server PreviewAutomatisiertes Zertifikatsmanagement mit Managed Certificates PreviewAutomated certificate management with Managed Certificates
Scroll to top