Malware (short for malicious software) refers to software designed to intentionally damage, disrupt or breach an organization’s IT infrastructure.
Cybercriminals can use DDEs in Microsoft documents to execute malicious code on a recipient’s computer.
If the ownership and trust of the certificate chain has been compromised, a cybercriminal could trick a user into opening a document that contains malicious content.
Embedded objects within files can be used to hide data or provide a way for active code to be triggered. These objects are often used by cybercriminals to perform actions without a user’s permission or knowledge.
Hyperlinks are often used in phishing attacks. Cybercriminals create links that look legitimate and trustworthy on the surface, but once clicked, take a user to a different destination and a chain of malicious events is activated.
Sensitive information that a company does not want to disclose to the public can be found within metadata. This could be the name of the author of a file or review comments. Cybercriminals can access this data, using it for malicious purposes, damaging the reputation of an organization when the breach is disclosed.