As Microsoft Office began blocking malicious macros by default in many of its programs, hackers began to change their tactics after they had previously distributed malware via phishing attachments with malicious macros.
The cybersecurity experts at Proofpoint have claimed that it has now become more common for hackers to use new file types such as:-
There are several types of macros that can be created in Microsoft Office programs that automate repetitive tasks. These include VBA macros and XL4 macros. While the threat actors use them in a variety of ways, including:-
It is because Microsoft announced that they were going to block macros by default on their Office subsystem in order to end the abuse of the subsystem that Microsoft was experiencing.
In this way, the hackers will have a harder time activating them, so the users will be safer.
Compared to the same period last year, macros have been used 66% less, a clear sign that there has been a shift away from macros as a means of distributing payloads.
There is also an increase of almost 175% in the use of container files, which have grown steadily over the past few years. The use of LNK files has been reported by at least 10 different threat actors since February 2022, which is quite a large number.
Since the month of October 2021, there was an increase of 1,675% in the number of campaigns containing LNK files. These new methods have led to the distribution of several notable malware families, including:-
While apart from this, Proofpoint analysts have tracked these events and found that the use of HTML attachments to drop malicious files on the host system has increased significantly in the past year.
Despite this, they continue to have small distribution volumes despite their growing popularity. It is now becoming more common for threat actors to use a variety of file types in order to gain access to files at the beginning instead of macro-enabled documents.
LNK files and ISO formats have been adopted due to this change. Microsoft’s macro blocking protection can be bypassed using such filetypes, as well as the distribution of executable files can be simplified.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.
EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government entities and energy companies. The attackers,…
The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to dismantle its operations. Initially detected in…
Android devices are popular among hackers due to the platform’s extensive acceptance and open-source nature. However, it has a big…
Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation, and growth. However, this shift towards…
A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed light on the growing concerns within…
Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse engineering .NET malware. The write-up outlines…