
How attackers are adapting to a post-macro world
2022-07-28 09:00


After Microsoft announced it would begin blocking VBA and XL4 macros by default for Windows Office applications late last year, attackers began using container files such as ISO and RAR attachments and Windows shortcut files to deliver payloads instead. "We are seeing behaviors shift across the entire threat landscape, and as our researchers mention in the report, they assess with high confidence this is one of the largest email threat landscape shifts in recent history," said Sherrod DeGrippo, vice president of Threat Research and Detection at Proofpoint.

"Bad actors send macros in Office files to end users who unknowingly enable them, malicious payloads are delivered, and the impact can be severe including malware, compromised identity, data loss, and remote access," Microsoft said in a blog post addressing the issue.

Attackers can also use container files to distribute payloads directly, Proofpoint said.

Container files can obscure LNKs, DLLs or executable files that lead to the installation of a malicious payload when opened.

Container XLL files, a type of dynamic link library file for Excel, have also seen a slight increase in use after Microsoft announced it would disable XL4 macros in 2021.
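To illustrate how a mail filter can look inside an ISO attachment for the file types mentioned above (LNK, DLL, executable, XLL), here is an added example that is not from the article or from Proofpoint. It reads only the root directory of the ISO 9660 primary volume (no Joliet, UDF or subdirectories); the function names and the sample image built by `build_sample_iso` are constructed for this illustration.

```python
import struct

SECTOR = 2048
RISKY_EXT = (".lnk", ".dll", ".exe", ".xll")  # file types named in the article

def iso_root_entries(image: bytes) -> list[str]:
    """Return file names in the root directory of an ISO 9660 primary volume."""
    pvd = image[16 * SECTOR:17 * SECTOR]           # primary volume descriptor
    if pvd[:6] != b"\x01CD001":
        raise ValueError("not an ISO 9660 image")
    lba, = struct.unpack_from("<I", pvd, 156 + 2)   # root directory extent
    size, = struct.unpack_from("<I", pvd, 156 + 10) # root directory length
    data = image[lba * SECTOR:lba * SECTOR + size]
    names, pos = [], 0
    while pos + 33 < len(data):
        rec_len = data[pos]
        if rec_len == 0:                            # records never span sectors
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        name = data[pos + 33:pos + 33 + data[pos + 32]]
        if name not in (b"\x00", b"\x01"):          # skip "." and ".." entries
            names.append(name.decode("ascii", "replace").split(";")[0])
        pos += rec_len
    return names

def risky_members(image: bytes) -> list[str]:
    """Names a mail filter should flag, matched case-insensitively."""
    return [n for n in iso_root_entries(image) if n.lower().endswith(RISKY_EXT)]

def _record(name: bytes, lba: int, size: int, flags: int = 0) -> bytes:
    """Build one directory record (helper for the constructed sample only)."""
    body = (struct.pack("<I", lba) + struct.pack(">I", lba)
            + struct.pack("<I", size) + struct.pack(">I", size)
            + bytes(7) + bytes([flags, 0, 0]) + b"\x01\x00\x00\x01"
            + bytes([len(name)]) + name)
    body += b"\x00" * (len(body) % 2)               # pad record to even length
    return bytes([len(body) + 2, 0]) + body

def build_sample_iso(names: list[str]) -> bytes:
    """Constructed minimal image: PVD in sector 16, root directory in sector 18."""
    root = _record(b"\x00", 18, SECTOR, 2)
    entries = root + _record(b"\x01", 18, SECTOR, 2)
    entries += b"".join(_record(n.encode() + b";1", 19, 0) for n in names)
    pvd = bytearray(SECTOR)
    pvd[:7] = b"\x01CD001\x01"
    pvd[156:190] = root
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(SECTOR) + entries.ljust(SECTOR, b"\x00")

if __name__ == "__main__":
    print(risky_members(build_sample_iso(["INVOICE.LNK", "UPDATE.DLL", "README.TXT"])))
```
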


News URL

https://www.techrepublic.com/article/how-attackers-are-adapting-to-a-post-macro-world/