Security News
The global average cost of a data breach reaches an all-time high of $4.35 million: IBM Security released the 2022 Cost of a Data Breach Report, revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organizations.
Minimizing risk: Key cybersecurity-related M&A considerations: In this Help Net Security video, Lenny Zeltser, CISO at Axonius, shares key cybersecurity-related considerations that both acquirer and acquired should keep in mind as they go through M&A.
Trust in fintech security has been wavering: The growing rate of cybercrime has added to the market unrest and questioned fintech preparedness; some claimed that the industry players are more susceptible to virtual threats than traditional banking, with greater resources at their disposal.
Threat actors are switching to email attachments using Windows Shortcut files and container file formats instead. The popularity decline of malicious macros. The beginning of the decreasing popularity of malicious macro-enabled files can be traced back to Microsoft's announcement in late 2021 of its intention to disable Excel 4.0 XLM macros in Microsoft 365 by default.
With Microsoft taking steps to block Excel 4.0 and Visual Basic for Applications macros by default across Office apps, malicious actors are responding by refining their new tactics, techniques, and procedures. In its place, adversaries are increasingly pivoting away from macro-enabled documents to other alternatives, including container files such as ISO and RAR as well as Windows Shortcut files in campaigns to distribute malware.
Threat actors are finding their way around Microsoft's default blocking of macros in its Office suite, using alternative files to host malicious payloads now that a primary channel for threat delivery is being cut off, researchers have found. The beginning of the decrease coincided with Microsoft's plan to start blocking XL4 macros by default for Excel users, followed up with the blocking of VBA macros by default across the Office suite this year.
The LibreOffice suite has been updated to address several security vulnerabilities related to the execution of macros and the protection of passwords for web connections. LibreOffice features a check to determine if a macro was created and signed by someone the user trusts so it wouldn't execute the macro code in case of a mismatch.
How attackers are adapting to a post-macro world: After Microsoft announced it would begin blocking VBA and XL4 macros by default for Windows Office applications late last year, attackers began using container files such as ISO and RAR attachments and Windows shortcut files to deliver payloads instead. "We are seeing behaviors shift across the entire threat landscape, and as our researchers mention in the report, they assess with high confidence this is one of the largest email threat landscape shifts in recent history," said Sherrod DeGrippo, vice president of Threat Research and Detection at Proofpoint.
Hackers who normally distributed malware via phishing attachments with malicious macros gradually changed tactics after Microsoft Office began blocking them by default, switching to new file types such as ISO, RAR, and Windows Shortcut attachments. VBA and XL4 Macros are small programs created to automate repetitive tasks in Microsoft Office applications, which threat actors abuse for loading, dropping, or installing malware via malicious Microsoft Office document attachments sent in phishing emails.
The phrase Office macros is a harmless-sounding, low-tech name that refers, in real life, to program code you can squirrel away inside Office files so that the code travels along with the text of a document, or the formulas of a spreadsheet, or the slides in a presentation. Even though the code is hidden from sight in the file, it can nevertheless sneakily spring into life as soon as you use the file in any way.
Microsoft is shutting the door on a couple of routes cybercriminals have used to attack users and networks. The issue of macros has become a particularly gnarly one for the software giant.
Microsoft has officially resumed blocking Visual Basic for Applications macros by default across Office apps, weeks after temporarily announcing plans to roll back the change. Earlier this February, Microsoft publicized its plans to disable macros by default in Office applications such as Access, Excel, PowerPoint, Visio, and Word as a way to prevent threat actors from abusing the feature to deliver malware.