Security News

Bumblebee malware wakes from hibernation, forgets what year it is, attacks with macros
2024-02-14 10:57

The Bumblebee malware loader seemingly vanished from the internet last October, but it's back and - oddly - relying on a vintage vector to try and gain access. First spotted in 2022 by researchers at Proofpoint - who identified it as an apparent replacement for BazarLoader - Bumblebee was originally used by high-profile ransomware groups including Russia-linked Conti.

Cybercrooks amp up attacks via macro-enabled XLL files
2023-11-01 14:45

Xlam files are now the seventh most commonly abused file extension in Q3 2023, rising 35 places from 42nd on the list in Q2. XLL attacks aren't new and researchers observed a lull in exploits at the start of 2023, but a surge in attention has been given to them in the past few months. XLL files offer attackers greater capabilities compared to alternatives like Visual Basic for Applications macros, which are now blocked by default courtesy of Microsoft's 2022 intervention, a move that was seen at the time as long overdue.

Exploring the macro shifts in enterprise security
2023-07-20 03:00

"The shift to the cloud has been a long journey and attackers are taking advantage now that employees regularly log into multiple cloud services, often from outside the traditional enterprise network perimeter," said Ariel Tseitlin, Partner at Scale Venture Partners and an avid investor in the cloud and security industries. As AI/ML models become more commonplace within organizations, 49% of security leaders worried about threat actors poisoning those AI/ML models to bypass security protections.

No more macros? No problem, say miscreants, we'll adapt
2023-05-15 16:32

Microsoft's decision to block internet-sourced macros by default last year is forcing attackers to find new and creative ways to compromise systems and deliver malware, according to threat researchers at Proofpoint. "Financially motivated threat actors that gain initial access via email are no longer using static, predictable attack chains, but rather dynamic, rapidly changing techniques."

Emotet Rises Again: Evades Macro Security via OneNote Attachments
2023-03-20 05:51

The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. A derivative of the Cridex banking worm - which was subsequently replaced by Dridex around the same time GameOver Zeus was disrupted in 2014 - Emotet has evolved into a "monetized platform for other threat actors to run malicious campaigns on a pay-per-install model, allowing theft of sensitive data and ransom extortion."

Post-Macro World Sees Rise in Microsoft OneNote Documents Delivering Malware
2023-02-03 15:03

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise. Enterprise firm Proofpoint said it detected over 50 campaigns leveraging OneNote attachments in the month of January 2023 alone.

Microsoft took its macros and went home, so miscreants turned to Windows LNK files
2023-01-23 13:34

Microsoft's move last year to block macros by default in Office applications is forcing miscreants to find other tools with which to launch cyberattacks, including the software vendor's LNK files - the shortcuts Windows uses to point to other files. The files are also helping criminals gain initial access into victims' systems before running such threats as the Qakbot backdoor malware, malware loader Bumblebee, and IcedID, a malware dropper, according to the Talos researchers.

87% of the ransomware found on the dark web has been delivered via malicious macros
2022-08-03 03:00

Venafi announced the findings of a dark web investigation into ransomware spread via malicious macros. 87% of the ransomware found on the dark web has been delivered via malicious macros to infect targeted systems.

Week in review: Attackers abandoning malicious macros, average data breach cost soars
2022-07-31 10:15

The global average cost of a data breach reaches an all-time high of $4.35 million - IBM Security released the 2022 Cost of a Data Breach Report, revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organizations.

Minimizing risk: Key cybersecurity-related M&A considerations - In this Help Net Security video, Lenny Zeltser, CISO at Axonius, shares key cybersecurity-related considerations that both acquirer and acquired should keep in mind as they go through M&A.

Trust in fintech security has been wavering - The growing rate of cybercrime has added to the market unrest and questioned fintech preparedness; some claimed that the industry players are more susceptible to virtual threats than traditional banking, with greater resources at their disposal.

Attackers are slowly abandoning malicious macros
2022-07-29 10:48

Threat actors are switching to email attachments using Windows Shortcut files and container file formats instead.

The popularity decline of malicious macros - The beginning of the decreasing popularity of malicious macro-enabled files can be traced back to Microsoft's announcement in late 2021 of its intention to disable Excel 4.0 XLM macros in Microsoft 365 by default.