All posts by Keumars Afifi-Sabet

Facebook unveils VR remote working experience, Horizon Workrooms


Keumars Afifi-Sabet

20 Aug, 2021

Facebook has launched a fully immersive virtual reality (VR) remote working experience, powered by the Oculus Quest 2 headset, that tries to mimic physically being in a workplace.

With Horizon Workrooms, workers can beam their own comic book-style avatar into a virtual office and perform office-based tasks alongside their colleagues, as they might in a real-world setting. Such activities include working at their terminal, brainstorming, socialising, and listening to presentations.

“Workrooms is our flagship collaboration experience that lets people come together to work in the same virtual room, regardless of physical distance,” Facebook said. 

“It works across both virtual reality and the web and is designed to improve your team’s ability to collaborate, communicate, and connect remotely, through the power of VR – whether that’s getting together to brainstorm or whiteboard an idea, work on a document, hear updates from your team, hang out and socialize, or simply have better conversations that flow more naturally.”

This VR experience, which businesses can sign up for in its beta state, is a logical extension of how collaboration tools have attempted to mimic the in-office experience.

Tech firms, like Microsoft and Google, have made efforts to improve their workplace collaboration tools over the last 18 months after COVID-19 forced the majority of office-based workers into some form of remote working. 

While these efforts have improved the remote working experience, they’ve largely failed to live up to the real deal, whether it’s through advances in video conferencing or iterative improvements to platforms such as Microsoft Teams. This is because of the fundamental physical disconnect that remains with remote and virtual working. 

It’s resulted in a new type of fatigue among many remote workers, with crucial aspects such as the office culture also going amiss.

As such, many businesses have instead opted for hybrid models as we emerge from the pandemic, which deliver a ‘best of both worlds’ scenario for a majority of employees.

Facebook argues that its Horizon Workplace experience, which is currently being used by Facebook employees, “transforms your home office into your new favourite meeting room”, and your desk into a shared table where you can gather with teammates.

Remote workers can also synchronise their computers with the virtual environment, and work on a virtual terminal, take notes, and share their screens with colleagues. 

The technology is powered by spatial audio, expressive avatars and hand tracking, which lets you use your hands to point, type or give a thumbs-up. 

The innovation builds on Mark Zuckerberg’s longstanding vision to build a metaverse that users can readily tap into and out of. 

The Facebook co-founder recently ramped up the rhetoric behind this concept, suggesting in July 2021 that his company’s future, and that of the internet, lay in the “metaverse”, according to Bloomberg.

It’s something that’s been on the executive’s mind for many years, however, with Oculus hiring the former Google Glass lead engineer Adrian Wong in 2014 for a job as a ‘professional daydreamer’, with the task of “building the Metaverse”.

GitHub Discussions is now generally available


Keumars Afifi-Sabet

18 Aug, 2021

GitHub Discussions is officially out of beta, meaning open source developers can access a comprehensive suite of forum discussion tools to stay on top of community management.

Discussions grants open source development teams access to tools and processes to make community engagement more collaborative, the firm said. This includes being able to mark the most helpful answers, upvote responses, customise categories and pin major announcements. 

“Creating open source software today is so much more than the source code,” said GitHub’s Evi Liu.

“It’s about managing the influx of great ideas, developing the next generation of maintainers, helping new developers learn and grow, and establishing the culture and personality of your community.

“Over the past year, thousands of communities of all shapes and sizes have been using the GitHub Discussions beta as the central space for their communities to gather on GitHub in a productive and collaborative manner.”

Labelling discussions, integrating apps and responding through mobile are among the newest features GitHub has introduced as it’s taken the platform out of beta, with the company planning on rolling out further updates in the coming months.

Maintainers can organise and triage discussions with labels to keep forums tidy and help members filter to areas of interest. Power users can also integrate with GitHub Actions or existing workflows using the Discussions GraphQL API as well as Webhooks. Finally, GitHub Discussions on mobile allows administrators to check in while away from their desktop.

These new features are part of efforts to improve the overall GitHub user experience (UX) and make the open source coding repository more accessible and intuitive for developers. 

GitHub Discussions was first announced as part of a broader product roadmap in July 2020 as a means for communities to collaborate within a repository alongside issues and pull requests. The platform was then launched in December in its first beta version and has since been iterated upon following testing and feedback.

Private repositories were able to access GitHub Discussions from March this year, with the latest announcement signalling the general availability of the anticipated social feature.

Cisco acquires Israeli application monitoring startup Epsagon


Keumars Afifi-Sabet

16 Aug, 2021

Cisco has acquired application monitoring firm Epsagon in a multi-million dollar deal that will see the firm’s technology integrated into Cisco’s products and services.

Joining the company’s Strategy, Incubation and Applications division, the Epsagon acquisition will expand Cisco’s advanced full-stack observability strategy with its expertise and technology. 

The startup, which has offices in New York and Tel Aviv, distributes tracing systems for modern applications and services, including containers and server-free environments. 

The value of the acquisition hasn’t been publicly disclosed, although Globes reports the figure stands at $500 million. Epsagon itself has raised $30 million to date, according to Pitchbook, with Globes estimating its value at between $100 million and $200 million.

As the app market’s competitive landscape expands, Cisco’s senior VP and chief strategy officer Liz Centoni said, businesses must fast-track their innovation timelines or they’ll be overtaken by their rivals.

Businesses are doing this by adopting cloud-native technologies, microservices and containerised components on a massive scale. This has led to a rise in the complexity of IT environments, with firms like Epsagon stepping in to track the performance of the components that make up a firm’s digital infrastructure. 

“Cisco’s approach to full-stack observability gives our customers the ability to move beyond just monitoring to a paradigm that delivers shared context across teams and enables our customers to deliver exceptional digital experiences, optimise for cost, security and performance and maximise digital business revenue,” Centoni said.

“Epsagon’s technology and talent align well with Cisco’s vision to enable enterprises to deliver unmatched application experiences through industry-leading solutions with deep business context. By contextualizing and correlating visibility and insights across the full stack, teams can improve collaboration to better understand their systems, solve issues quickly, optimise and secure application experiences and delight their customers.”

Cisco’s core software as a service (SaaS) platforms include AppDynamics, ThousandEyes and Intersight, which all feed into the full-stack observability strategy. This provides observability across the entire stack of apps, network infrastructure and security with real-time insights correlated across domains, and integrated with business context powered by AI and machine learning.

Rishi Sunak: Teams and Zoom are bad for relationship building


Keumars Afifi-Sabet

3 Aug, 2021

Rishi Sunak has warned young workers against falling into the trap of permanent remote working, suggesting that going into the office can be beneficial to building their careers.

Speaking about his own experiences with LinkedIn News, the chancellor said that working from home wouldn’t have allowed him to build strong relationships and argued that video conferencing is not an adequate substitute.

He also warned against remote working becoming the norm for businesses in the UK.

“I was telling them that the mentors I found when I first started my job I still talk to and they have been helpful to me even after we have gone in different ways,” he said, according to the Times.

“I doubt I would have had those strong relationships if I was doing my internship or my first bit of my career over [Microsoft] Teams and Zoom.

“That’s why I think for young people, in particular, being able to physically be in an office is valuable.”

Before becoming a politician, the chancellor enjoyed a career in finance, including working for Goldman Sachs.

He added that the government has stopped saying people should actively work from home, and has left it up to businesses to figure out the right approach.

In terms of a return to the physical workplace, Sunak said it will be gradual, cautious, and careful, but that there should be an eventual full return to normal working.

His comments echo the government’s longstanding messaging around remote working, with government ministers and the prime minister, Boris Johnson, periodically encouraging workers to return to offices.

In Autumn last year, the government embarked on a public messaging campaign for workers to abandon remote working and return to the workplace.

This came immediately before a significant rise in COVID-19 cases and a subsequent lockdown. The campaign was largely spurred by the loss in economic activity due to workers not being out and about in town and city centres during the day.

Contrary to the government’s messaging, many office-based businesses, particularly those in the tech industry, have embraced remote working and are enjoying the benefits of cost reductions and productivity gains. This has been made possible due to an array of technologies such as cloud computing and virtual private networks (VPNs).

Most workers, too, have enjoyed the flexibility that remote working brings, with research conducted in August last year suggesting 90% of Brits wanted to continue working remotely.

However, a significant proportion of office-based workers have equally expressed a desire for a return to in-person working, due to the benefits of in-person collaboration and the office culture that’s missing from home-based working.

It’s why many businesses are opting for a hybrid model, which borrows from both remote and in-person working to create a flexible approach that most employees can get behind. KPMG, for example, has offered staff a ‘four-day fortnight’ as part of its remote working strategy, while the Bank of England has told staff to come into the office one day a week.

Amazon to retire iconic EC2 cloud service


Keumars Afifi-Sabet

29 Jul, 2021

AWS has announced that it’s retiring its flagship Elastic Compute Cloud (EC2) platform after 15 years in operation, with customers given until 2022 to migrate their services to its successor.

EC2-Classic, widely considered a foundational cloud computing technology, was launched in 2006 as a virtual computing environment that organisations could use to host scalable applications. These ‘instances’ provided layers of security, different hardware configurations, as well as pre-configured templates.

This technology was eclipsed with the launch of AWS’ Virtual Private Cloud (VPC) platform in 2009, which serves as virtual networks of isolated EC2 instances. It was again followed by the launch of Virtual Private Clouds for Everyone in 2013.

AWS has now decided to retire EC2-Classic, giving customers two years to complete all migrations away from the older technology and towards VPC.

“EC2-Classic has served us well, but we’re going to give it a gold watch and a well-deserved sendoff,” said chief evangelist for AWS, Jeff Barr, in an in-depth blog post.

“We are not planning to disrupt any workloads and we are giving you plenty of lead time so that you can plan, test, and perform your migration. In addition to this blog post, we have tools, documentation, and people that are all designed to help.”

When is AWS retiring EC2-Classic?

AWS has begun notifying all current EC2-Classic customers through their account teams, and will soon begin issuing notices in the Personal Health Dashboard.

From 30 October 2021, AWS will disable EC2-Classic in Regions for AWS accounts that have no active EC2-Classic resources in the Region. The firm will also stop selling one-year and three-year Reserved Instances for EC2-Classic.

Then, from 15 August 2022, AWS expects all migrations to be complete, with no remaining EC2-Classic resources present in any AWS account.

All AWS accounts created after 4 December 2013 were already VPC-only, unless EC2-Classic was enabled as a result of a support request, meaning the change is likely only to affect longstanding AWS customers.

How to migrate from EC2-Classic to VPC

Although AWS will notify customers they will need to migrate, there are several steps that businesses running EC2-Classic instances will need to take. To prepare, ahead of any migration, the firm has put together guidance available on the AWS site.

To fully migrate, customers need to find, examine, and migrate several resources. These comprise running or stopped EC2 instances, running or stopped RDS database instances, Elastic IP addresses, Classic Load Balancers, Redshift clusters, Elastic Beanstalk environments, EMR clusters, AWS Data Pipelines, ElastiCache clusters, Reserved Instances, Spot Requests, and Capacity Reservations.

Customers may also need to create, or recreate if deleted, the default VPC for their account. In some cases, they’ll need to be able to modify the existing resources, but in other cases, customers will need to create new and equivalent resources in VPC.

The task may seem daunting, but AWS has launched the EC2 Classic Resource Finder script so customers can find all EC2-Classic resources in their accounts. This can either be run directly in a single AWS account or can be used against all accounts within an organisation.

Customers, at this stage, can use a variety of migration tools that AWS has developed including AWS Application Migration Service, Support Automation Workflow, IP Address Migration, and Classic Load Balancers.

Comprehensive support is available through Barr’s post hosted on the AWS site, including a more in-depth overview of each of these migration tools, as well as guidance for updating instance types as businesses move from EC2-Classic to VPC.

Salesforce’s $28bn Slack acquisition: What’s next for workplace collaboration?


Keumars Afifi-Sabet

22 Jul, 2021

Despite the eye-watering $27.7 billion (roughly £20.2 billion) fee involved, nobody raised an eyebrow at Salesforce’s acquisition of the workplace collaboration platform Slack in December 2020. Workplace collaboration is all the rage – especially following the pandemic – with several entities hoping to capitalise on the changing world of work, including Microsoft Teams, Facebook Workplace, and even Citrix, with its multi-billion-dollar Wrike acquisition.

Slack has long been one of the biggest names on the scene, although its early dominance was dwarfed by the emergence of Teams, which surged in popularity thanks to its capacity to tap into the ubiquity of Microsoft products.

With US antitrust regulators clearing the $27.7 billion deal this week – one of the biggest acquisitions in tech history – Salesforce is now free to position Slack as a much stronger challenger.

The CRM giant will also have been buoyed by a 36% surge in year-on-year revenue for the first quarter of the year, with Slack adding 13,000 more paid customers too, taking its total to 169,000. With late-2020 stagnation firmly in the rearview mirror, this is the sort of momentum Salesforce hopes to build on, as it eyes up expanding on cross-business collaboration and undergoing a fundamental rewiring of the nature of work.

Better connected

There were fears in December that Salesforce muscling its way into operations would spell the end for Slack as we knew it. Much of Salesforce’s rhetoric over subsequent months, however, seemed to align well with Slack’s existing plans; namely devising a means to replace email entirely in light of a longstanding antagonism to the legacy system.

Launched last June, Slack Connect is a way for organisations to add up to 20 others into a single Slack channel, allowing businesses to migrate supply chains and external ecosystems into a single hub. It was seen as a smart move – after all, what more proof might you need that you’re onto something when Microsoft Teams launches an effective carbon copy feature? Salesforce sees this tool as the foundation for building on its vision for a ‘digital HQ’ that allows businesses to collaborate across the virtual borders traditionally established between companies.

“We couldn’t be more excited to have Slack as part of the Salesforce family, combining the #1 CRM and the trailblazing digital platform for the work anywhere world,” Marc Benioff, chair and CEO of Salesforce, said after the deal cleared. “Together we’ll define the future of enterprise software, creating the digital HQ that enables every organisation to deliver customer and employee success from anywhere.”

Stewart Butterfield, CEO and co-founder of Slack, and Salesforce president Bret Taylor added in an interview with Reuters that this merger is an opportunity to connect customers to smoothen the process of making business deals. Slack channels, for example, can be recreated to replace all emails, phone calls, and video conferences that might otherwise occur between, say, a sales team doing a deal with a procurement team at another company. Slack’s growing list of integrations also means that documents from third-party platforms such as Google Drive can be signed with services like DocuSign.

Reimagining the workplace

With this acquisition closing, Salesforce has been keen to push the idea of a ‘digital HQ’, which is very much an idea born of the effects of the COVID-19 pandemic. Companies across the world, the firm says, have learned that surviving as a business is incredibly challenging without means to connect with employees, customers, and partners through digital channels. As such, headquarters are no longer physical locations and are instead mostly based in the cloud, with every industry adjusting to a digital-first environment.

Alluding to the fundamental changes we’ve seen throughout the last few months, Butterfield, who will continue to lead Slack, sees the acquisition as “a once-in-a-generation opportunity to rethink and reshape everything about how and where we work”. The merger, the firm adds, will create a business operating system for whatever this new world of work is.

Although Salesforce says it’s committed to Slack’s roadmap and vision, with the platform continuing to operate under its own brand, the firm has suggested it will integrate Slack into its Customer 360 platform. Launched in 2018, this tool gives companies the capacity to connect Salesforce apps and create unified customer IDs to build a single view of the customer. It was built on the technology of a previous acquisition, MuleSoft, to allow companies to connect apps, data sources, and devices across any cloud service or on-premise server. Every Salesforce Cloud and industry-specific platform will now be deeply integrated with Slack, with the platform serving as the new interface for Customer 360.

Integrations remain a priority

Part of Salesforce’s mission to make the digital workplace more accessible also involves expanding the integrations and interoperability in Slack. Speaking to Reuters, Butterfield added Slack will continue to integrate with Microsoft, despite an intense rivalry, because that sits in line with the goal of making it easier for employees to get things done.

“What customers want is interoperability. They don’t want to have to make hard choices,” he added. “We’ll integrate with everyone – Microsoft and Salesforce, of course, but also ServiceNow and Workday, and more or less anyone you can think of.”

Given the expansion of remote working, changing workplace culture, as well as digitisation of the workplace, this could be one of the most important acquisitions in tech history in terms of its timing. This period is very much seen as a fresh start for defining the nature of work, and what the workplace means, although it’s not clear how things will settle once the pandemic is well and truly over and businesses embark on their next, more stable, chapter.

For all this talk about reimagining the workplace, a cross-industry disinclination to define what this actually means suggests it’s still very much an unknown quantity. This acquisition, however, might be the right deal at the right time for both Salesforce and Slack to attack this question head-on, and help position them as influential architects of whatever comes next.

SAP to launch UK cloud service as part of £200 million investment


Keumars Afifi-Sabet

20 Jul, 2021

SAP will launch a secure UK-based cloud service and set up new offices in London and Manchester as part of a five-year investment package worth €250 million (approximately £212 million).

SAP UK Data Cloud, a new cloud infrastructure for the public sector, will combine the firm’s hyper-scale partnerships with AWS, Azure and Google Cloud with UK data centres to launch an in-nation cloud.

This will be designed to meet the tight regulatory needs of the public sector, while also supporting the UK’s critical national infrastructure in healthcare, transport, education, policing, utilities as well as central and local government operations.

Working with SAP National Security Services (NS2), SAP will ensure that all personal data is safeguarded and resides within the UK. 

The capability to handle official sensitive data will go live in early 2020, with a host of SAP cloud services available at launch. These include SAP S/4HANA Cloud, SAP Success Factors, SAP Business Technology Platform and SAP Analytics Cloud. 

It follows the company’s decision to go “all-in” on cloud computing in October last year. This announcement, however, saw the firm’s valuation drop by €25 billion (£27.8bn). 

“The impact of this for public services can’t be overstated,” SAP said in an explainer on what its UK Data Cloud is and how it works. 

“By modernising and transforming systems through cloud transformation, time after time we’ve seen services simplified, unnecessary costs removed and capacity created for staff, such as frontline workers, freed up to carry out crucial roles – without being waylaid by cumbersome and time-intensive administrative systems. 

“In addition to driving significant efficiencies, harnessing public cloud with sensitive data will facilitate better insights, driving faster and improved decision making to transform citizen services.”

As part of the five-year investment, SAP will also open offices this year to accommodate flexible working arrangements and serve its widespread customer base. 

There’ll also be a customer experience centre built into the new London offices, which will offer facilities for customers and partners to identify and pursue innovation opportunities with SAP. The facility near Manchester, which will be completed later this year, will allow SAP to work and engage more closely with companies around the country, the firm claims.

“It’s great to see SAP demonstrating its commitment to the UK and investing heavily to create new jobs and helping ensure long-term digital prosperity is evenly spread across the entire country,” said UK digital infrastructure minister, Matt Warman. 

“Tech is at the heart of our plans to power Britain’s recovery full speed out of the pandemic and we are backing the sector with world-class infrastructure and skills training to make sure the UK is the best place to start and grow a digital business.”

By 2026, SAP also hopes to support an additional 250 interns through its internship programme, alongside plans to scale up its apprenticeship programme to grow the number of skilled workers across the industry.

Microsoft will reportedly acquire RiskIQ for $500 million


Keumars Afifi-Sabet

12 Jul, 2021

Microsoft is set to strike a deal to acquire security software firm RiskIQ as it seeks to bolster the security of its core products.

RiskIQ provides customers with cloud-based software as a service (SaaS) protection to detect phishing attacks, fraud attempts and malware infections. The company’s SaaS platform taps into a global Internet Intelligence graph that’s mapped billions of relationships between online elements within every organisation and hackers. 

Microsoft is set to purchase the security company in a $500 million (roughly £361 million) deal, according to Bloomberg, as it seeks to integrate RiskIQ’s services into its flagship products and improve the overall resilience for customers. 

This would play into the trend of Microsoft adding more security-oriented tools to platforms like Windows and Azure in recent years as the prospect of cyber threats continues to swell. 

Last year, for example, Microsoft announced a strategic shift to compile its detection and event management services under the Microsoft Defender brand, alongside a host of new services and tools that customers can adopt. The firm described Microsoft Defender, at the time, as the “broadest resource coverage” of any portfolio across the industry, spanning identity protection, endpoints, cloud applications and infrastructure. 

This has come alongside a recruitment drive to add staff to examine Microsoft’s products for vulnerabilities, respond to attacks that its clients face, as well as run the Microsoft Threat Intelligence Center, Bloomberg also reports.

Microsoft also struck a partnership with the cyber security organisation MITRE to integrate its adversarial tactics, techniques and common knowledge (ATT&CK) framework into Azure to build a foundation for developing threat models.

This integration saw the organisations jointly launch the Security Stack Mappings for Azure research project, which introduced a library of mappings that connect built-in Azure security controls to the techniques, identified by ATT&CK, that they’re designed to protect against. 

In June, meanwhile, Microsoft also acquired Internet of Things (IoT) security firm ReFirm Labs for an undisclosed fee. Microsoft highlighted the open source Binwalk software, which analyses thousands of device types for firmware issues, as a key reason for why it pursued the acquisition. The firm added these analytical capabilities would help secure IoT and operational technology (OT) devices through Azure Defender for IoT. 

Microsoft, alongside a number of other major companies, has been struggling to deal with the fallout of several major attacks. The most recent has been the Kaseya cyber attack, although this is just the latest in a particularly devastating series of events including the SolarWinds Orion hack as well as the Microsoft Exchange Server incident.  

New Zloader malware technique makes it harder to spot phishing emails


Keumars Afifi-Sabet

9 Jul, 2021

Hackers have been discovered using a new phishing technique that involves using a sequence of chained commands to hide malicious content and make email attachments appear harmless to filters.

The technique involves sending a phishing email containing a seemingly innocuous Microsoft Word attachment, according to McAfee. Once opened, it triggers a chain of events that eventually downloads the payload for the infamous banking and data exfiltration malware, known as Zloader.

The fact that the document isn’t embedded with any malicious code will make it easier for phishing emails to bypass initial checks and malware scanners.

Researchers have noted that users are only susceptible to infection if macros are enabled, which the phishing attack will use to trigger a series of commands once the Word document is opened.

Macros are disabled by default in Microsoft Office, so the Word document itself contains a lure designed to trick users into enabling macros, claiming that if they don’t, the file won’t load correctly.

When the Word document opens, and macros are enabled, the document downloads and opens another password-protected Microsoft Excel file from a remote server.

The Word document contains combo box components that store the content required to connect to the remote Excel document, including the Excel object, URL, and password required to open the file. The URL is stored in the combo box in the form of broken strings, which are combined later to form a complete string.

The code then attempts to download and open the Excel file stored in the malicious domain. After extracting the contents from the Excel cells, the Word file creates a Visual Basic for Applications (VBA) module in the downloaded Excel file by writing the retrieved contents. It, essentially, retrieves the cell contents and writes them to XLS macros.

Once the macro is formed and ready, it modifies a RegKey to disable trust access for VBA on the victim’s device in order to execute the malicious function without any Microsoft Office warnings. After writing macro contents to the Excel file, and disabling trust access, a function from the newly written Excel VBA is called which downloads the Zloader payload.
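One way a defender could hunt for the chain described above in endpoint telemetry, added here as an illustration and not taken from McAfee's report: it correlates a Word launch, an Office process writing an Excel macro-security registry value, and a following outbound connection from Excel on the same host. The event schema, hosts and destinations are constructed, and the value names `AccessVBOM` and `VBAWarnings` are assumptions, since the article does not name the key.

```python
import re
from collections import defaultdict

OFFICE_IMAGES = {"winword.exe", "excel.exe"}

# Assumption: the article does not name the "RegKey". AccessVBOM is the Office
# value behind "Trust access to the VBA project object model"; VBAWarnings
# holds the macro warning level. Both sit under <app>\Security per user.
SECURITY_VALUE = re.compile(
    r"\\Software\\Microsoft\\Office\\[\d.]+\\Excel\\Security\\(AccessVBOM|VBAWarnings)$",
    re.IGNORECASE,
)
WINDOW_SECONDS = 120  # how close the three stages must be to count as one chain


def image_name(path):
    """Lower-cased executable name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect_macro_chain(events, window=WINDOW_SECONDS):
    """Flag hosts where, within `window` seconds of each other:
    Word starts -> an Office process writes an Excel security value ->
    Excel opens an outbound connection (the payload download stage)."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_host[ev["host"]].append(ev)

    findings = []
    for host, evs in by_host.items():
        word_starts = [e["ts"] for e in evs
                       if e["kind"] == "process"
                       and image_name(e["image"]) == "winword.exe"]
        excel_net = [e for e in evs
                     if e["kind"] == "network"
                     and image_name(e["image"]) == "excel.exe"]
        for ev in evs:
            # Only registry writes made by Office itself, as in the article.
            if ev["kind"] != "registry" or image_name(ev["image"]) not in OFFICE_IMAGES:
                continue
            match = SECURITY_VALUE.search(ev["target"])
            if not match:
                continue
            word_open = any(0 <= ev["ts"] - t <= window for t in word_starts)
            fetched = [n["dest"] for n in excel_net
                       if 0 <= n["ts"] - ev["ts"] <= window]
            if word_open and fetched:
                findings.append({
                    "host": host,
                    "value": match.group(1),
                    "written_by": image_name(ev["image"]),
                    "excel_destinations": fetched,
                })
    return findings


# Constructed sample telemetry (simplified, Sysmon-like fields; not real data).
OFFICE_DIR = r"C:\Program Files\Microsoft Office\root\Office16"
KEY = r"HKU\S-1-5-21-0000\Software\Microsoft\Office\16.0\Excel\Security"
SAMPLE_EVENTS = [
    # WS-01: full chain. Word opens, fetches the workbook, flips the setting,
    # then Excel itself reaches out.
    {"ts": 100, "host": "WS-01", "kind": "process", "image": OFFICE_DIR + r"\WINWORD.EXE"},
    {"ts": 112, "host": "WS-01", "kind": "network", "image": OFFICE_DIR + r"\WINWORD.EXE",
     "dest": "files.example.test"},
    {"ts": 118, "host": "WS-01", "kind": "registry", "image": OFFICE_DIR + r"\WINWORD.EXE",
     "target": KEY + r"\AccessVBOM"},
    {"ts": 121, "host": "WS-01", "kind": "network", "image": OFFICE_DIR + r"\EXCEL.EXE",
     "dest": "payload.example.test"},
    # WS-02: Excel talks to the network but no security value was touched.
    {"ts": 200, "host": "WS-02", "kind": "process", "image": OFFICE_DIR + r"\WINWORD.EXE"},
    {"ts": 230, "host": "WS-02", "kind": "network", "image": OFFICE_DIR + r"\EXCEL.EXE",
     "dest": "intranet.example.test"},
    # WS-03: a user changes the setting from inside Excel; Word never ran.
    {"ts": 300, "host": "WS-03", "kind": "registry", "image": OFFICE_DIR + r"\EXCEL.EXE",
     "target": KEY + r"\VBAWarnings"},
    {"ts": 310, "host": "WS-03", "kind": "network", "image": OFFICE_DIR + r"\EXCEL.EXE",
     "dest": "intranet.example.test"},
]

if __name__ == "__main__":
    for finding in detect_macro_chain(SAMPLE_EVENTS):
        print(finding)
```

The rule is a heuristic: a write to these values on its own also happens when a user changes Trust Center settings, which is why it only fires when the Word launch and the Excel connection bracket the write.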

“Malicious documents have been an entry point for most malware families and these attacks have been evolving their infection techniques and obfuscation, not just limiting to direct downloads of payload from VBA, but creating agents dynamically to download payload,” McAfee’s researchers Kiran Raj and Kishan N wrote.

“Usage of such agents in the infection chain is not only limited to Word or Excel, but further threats may use other living off the land tools to download its payloads. Due to security concerns, macros are disabled by default in Microsoft Office applications. We suggest it is safe to enable them only when the document received is from a trusted source.”

The operators of the Zloader malware are notorious for finding increasingly innovative ways of spreading their banking Trojan. The malware was found to be present in 100 coronavirus-related email campaigns as of the first half of 2020. Zloader was also hiding within encrypted Excel documents, according to research published in March this year, with its operators overseeing invoice-related spam campaigns.