
Successfully fend off text-based CSV injection attacks

Author: Micha Pekrul, SaaS Platform Manager (https://www.linkedin.com/in/micha-pekrul/)

Criminals are currently trying to install malware via text-based CSV files. This was reported this week by security researcher Chris Campbell and the US magazine BleepingComputer. The phishing wave is also known as “CSV Injection”.

04.02.2022 | last modified: 26.10.2022

Dynamic Data Exchange enables attacks

This approach is made possible by Dynamic Data Exchange (DDE), a feature of Microsoft Excel, the application with which CSV files are usually associated. Microsoft released security enhancements for Excel as defense-in-depth measures in a January 2022 update. Earlier updates, such as in 2018, added controls that allow DDE to be configured in Excel. With the January update, Microsoft disabled DDE in all supported versions of Excel.

CSV Injection - Excel with calc.exe spawned

For a CSV file in Microsoft Excel to start a program such as “calc.exe” via DDE at all, the “DDE server start” option in the Trust Center must be re-enabled on a fully patched system. As with documents containing macros, the user must also confirm the corresponding warning prompts.

If you have not dealt with the issue of DDE in Microsoft Excel before, now is a good time to take a closer look at this potential threat. For most companies, it should be enough to disable this little-known functionality and roll out the new update.

How to protect yourself from CSV injection attacks with NoSpamProxy

CSV Injection Contentfilter

NoSpamProxy recognizes a CSV file as the file type “Plain text”.

If CSV files prepared with DDE functionality are sent as attachments via NoSpamProxy, they are correctly recognized as file type “Plain text”. To filter them in the content filter, you must therefore use an AND condition between the file type “Plain text” and the file name “*.csv”.

CSV Injection Contentfilter Configuration

An AND condition filters on CSV files.

Now you can adjust the content filter to your own needs. If CSV files are not needed at all in the company, you can reject the email completely. Alternatively, you can decide with the help of the level-of-trust filter, which distinguishes between trusted and untrusted communication partners. If you have licensed “Large Files”, you can also detach a CSV file from the email for security purposes, upload the attachment to the Web Portal and have it released there if required.

Since the end of 2018, we have been advocating the so-called “email firewall”. We recommend prohibiting all files and only selectively allowing the individual formats that are required, as with a firewall. So if in doubt, do not accept CSV files for the time being.
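A complementary check for CSV attachments that are allowed through, as an added example that is not NoSpamProxy code or part of the original article: it applies the same AND condition (file name “*.csv” and plain-text content) and then flags cells that Excel would evaluate as a formula, marking those with the `application|topic!item` shape of a DDE reference. The function names, the simplified plain-text heuristic and the sample attachment are assumptions constructed for illustration.

```python
import csv
import fnmatch
import io
import re

# Shape of a DDE reference inside a formula: application|topic!item
DDE_REF = re.compile(r"[A-Za-z0-9_.\\/: -]+\|.*!", re.S)
# A leading sign followed by a plain number is data, not a formula.
SIGNED_NUMBER = re.compile(r"[+-]\d[\d.,]*$")


def is_csv_candidate(filename, payload):
    """AND condition: file name matches *.csv AND content is plain text."""
    if not fnmatch.fnmatch(filename.lower(), "*.csv"):
        return False
    if b"\x00" in payload:  # simplified plain-text heuristic (assumption)
        return False
    try:
        payload.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def classify_cell(cell):
    """Return 'dde', 'formula' or None for one CSV cell."""
    text = cell.lstrip()
    if not text or text[0] not in "=+-@":
        return None
    if SIGNED_NUMBER.match(text):
        return None
    return "dde" if DDE_REF.search(text[1:]) else "formula"


def scan_attachment(filename, payload):
    """List (row, column, kind) for every cell Excel would evaluate."""
    if not is_csv_candidate(filename, payload):
        return []
    rows = csv.reader(io.StringIO(payload.decode("utf-8-sig")))
    return [(r, c, kind)
            for r, row in enumerate(rows, start=1)
            for c, cell in enumerate(row, start=1)
            if (kind := classify_cell(cell))]


# Constructed sample attachment; the DDE cell uses placeholder names only.
SAMPLE = (b"name,amount,note\r\n"
          b"Alice,-12.50,refund\r\n"
          b"Bob,100,=EXAMPLEAPP|'placeholder topic'!A1\r\n"
          b"Carol,7,=SUM(B2:B3)\r\n")

if __name__ == "__main__":
    print(scan_attachment("report.csv", SAMPLE))
```

Cells reported as `dde` are the ones relevant to this article; `formula` findings are ordinary spreadsheet formulas that may still deserve review when the sender is untrusted.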
