CSV/DDE injection attacks have recently resurfaced, with Cynet researchers noticing a surge in CSV injection attacks in the wild.

CSV/DDE injection attacks are macro-less threats that exploit web applications and frameworks offering spreadsheet export functionality, which lets users download data as .csv or .xls files for use in spreadsheet applications like Microsoft Excel and OpenOffice Calc. The exported spreadsheets contain malicious input. When that input is initiated, an attacker can execute arbitrary code and damage the system, for example by erasing an entire partition or creating access via a backdoor.
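On the export side, the usual mitigation is to neutralize formula-like cells before they are written to the file. The sketch below is an added example, not Cynet's code: the function names and sample rows are hypothetical, and the trigger characters and the leading-apostrophe escape follow OWASP's CSV injection guidance.

```python
import csv
import io

# Leading characters that spreadsheet applications interpret as the start of
# a formula (the set listed in OWASP's CSV injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample data: user-supplied fields destined for an export.
SAMPLE_ROWS = [
    ["name", "comment", "balance"],
    ["alice", "thanks for the quick reply", 120.5],
    ["bob", "=2+5", -42],            # formula-like text in a free-text field
    ["carol", "  @SUM(A1:A2)", 7],   # leading spaces before the trigger
]


def is_formula_like(text):
    """True if a spreadsheet could evaluate this string instead of showing it."""
    # Leading spaces are ignored so padding cannot hide the trigger.
    return text.lstrip(" ").startswith(FORMULA_TRIGGERS)


def neutralize(value):
    """Return a cell value that will be displayed as text, never evaluated."""
    # None and real numbers (not numeric strings) are safe and keep their type.
    if value is None or (isinstance(value, (int, float))
                         and not isinstance(value, bool)):
        return value
    text = str(value)
    # A leading apostrophe makes the spreadsheet treat the cell as literal text.
    return "'" + text if is_formula_like(text) else text


def export_csv(rows):
    """Write rows as CSV; return (csv_text, [(row, col) of neutralized cells])."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    flagged = []
    for r, row in enumerate(rows):
        safe = [neutralize(cell) for cell in row]
        flagged += [(r, c) for c, (a, b) in enumerate(zip(row, safe)) if a != b]
        writer.writerow(safe)
    return buf.getvalue(), flagged


if __name__ == "__main__":
    text, flagged = export_csv(SAMPLE_ROWS)
    print(text)
    print("neutralized cells:", flagged)
```

The list of neutralized cell positions can also be logged, so that formula-like input submitted to the application is visible to whoever monitors it.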

The following video demonstrates how Cynet detects and remediates CSV/DDE injections using behavioral analysis. When an anomaly such as a malicious PowerShell script performing command injection or execution is detected in the context of legitimate processes, an alert is triggered and the threat is automatically remediated without any need for user intervention.

Video: Cynet 360 Stops CSV / DDE Injection

 

CSV/DDE injection exploits are just one of the many threats and vulnerabilities the Cynet 360 platform detects and remediates. The Cynet 360 platform provides a comprehensive solution for all of an enterprise’s cyber security needs, including endpoint detection and response, user and entity behavior analytics, network analytics, incident response, forensics and more, making security simple while keeping the organization safe.