Hackers Opting New Attack Methods After Microsoft Blocked Macros by Default
With Microsoft taking steps to block Excel 4.0 and Visual Basic for Applications macros by default across Office apps, malicious actors are responding by refining their new tactics, techniques, and procedures.
Adversaries are increasingly pivoting away from macro-enabled documents to alternatives, including container files such as ISO and RAR as well as Windows Shortcut (LNK) files, in campaigns to distribute malware.
VBA macros embedded in Office documents sent via phishing emails have proven to be an effective technique because they allow threat actors to automatically run malicious content after tricking a recipient into enabling macros through social engineering.
Microsoft's plans to block macros in files downloaded from the internet have led to email-based malware campaigns experimenting with other ways to bypass Mark of the Web protections and infect victims.
Notable malware families distributed through these new methods include Emotet, IcedID, Qakbot, and Bumblebee.
"Threat actors are now adopting new tactics to deliver malware, and the increased use of files such as ISO, LNK, and RAR is expected to continue."
News URL
https://thehackernews.com/2022/07/hackers-opting-new-attack-methods-after.html