
No more macros? No problem, say miscreants, we'll adapt
2023-05-15 16:32

Microsoft's decision to block internet-sourced macros by default last year is forcing attackers to find new and creative ways to compromise systems and deliver malware, according to threat researchers at Proofpoint.

"Financially motivated threat actors that gain initial access via email are no longer using static, predictable attack chains, but rather dynamic, rapidly changing techniques."

There were more than 700 cyber campaigns in 2021 that used Visual Basic for Applications macros in their attacks, and almost the same number used XL4 macros, which are specific to Excel, the researchers wrote.

One or more threat groups will adopt a new technique that, within weeks and months, will be used by even more miscreants.

The group uses encryption to make it more difficult for defenders to detect the threat, often successfully.

"The experimentation with and regular pivoting to new payload delivery techniques by tracked threat actors, especially IABs, is vastly different from attack chains observed prior to 2022 and heralds a new normal of threat activity," the researchers wrote.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/05/15/proofpoint_microsoft_macros_cybercrime/