Request a demo
Request a demo

Mark of the Web (MOTW) – Challenges, bypass methods, and solutions

Microsoft identifies Office documents originating from an email attachment or the internet with a Mark of the Web (MOTW). Used by other applications such as Windows Defender SmartScreen, and other security tools as well, MOTW labels a document as being from an untrusted location to an application opening the file, enabling it to block macros and active content, and to apply other policies to the file.  This fall, Microsoft announced it would block macros by default in Office documents downloaded from the internet, and on November 8th Microsoft announced that MOTW will propagate into file containers such as .ISO, .IMG, .ZIP and other archives.

While these policies improve security, MOTW is prone to vulnerabilities, and threat actors are adapting their tactics to continue using weaponized content as a primary attack vector on organizations.  

Join us for a webinar about MOTW on Thursday, December 8th at 10am ET. In this virtual event, Morphisec's expert threat researchers will review Microsoft’s new policies, the security efficacy provided by MOTW, and present methods attackers use to bypass these mechanisms. These include tampering with the file certificates to avoid MOTW inspection, social engineering, and other techniques. We will provide technical explanations with real-world examples based on Morphisec’s Threats Lab data, so you can understand how threats are shifting, and plan accordingly.

Register to secure your spot now!

Speakers:

MGoTransparent Michael Gorelik, CISSP | CTO, Morphisec

Arnold Arnold Osipov | Malware Researcher, Morphisec

 

MOTW Event Banner