As Microsoft Office began blocking malicious macros by default in many of its programs, hackers began to change their tactics after they had previously distributed malware via phishing attachments with malicious macros.
The cybersecurity experts at Proofpoint have claimed that it has now become more common for hackers to use new file types such as:-
There are several types of macros that can be created in Microsoft Office programs that automate repetitive tasks. These include VBA macros and XL4 macros. While the threat actors use them in a variety of ways, including:-
It is because Microsoft announced that they were going to block macros by default on their Office subsystem in order to end the abuse of the subsystem that Microsoft was experiencing.
In this way, the hackers will have a harder time activating them, so the users will be safer.
Compared to the same period last year, macros have been used 66% less, a clear sign that there has been a shift away from macros as a means of distributing payloads.
There is also an increase of almost 175% in the use of container files, which have grown steadily over the past few years. The use of LNK files has been reported by at least 10 different threat actors since February 2022, which is quite a large number.
Since the month of October 2021, there was an increase of 1,675% in the number of campaigns containing LNK files. These new methods have led to the distribution of several notable malware families, including:-
While apart from this, Proofpoint analysts have tracked these events and found that the use of HTML attachments to drop malicious files on the host system has increased significantly in the past year.
Despite this, they continue to have small distribution volumes despite their growing popularity. It is now becoming more common for threat actors to use a variety of file types in order to gain access to files at the beginning instead of macro-enabled documents.
LNK files and ISO formats have been adopted due to this change. Microsoft’s macro blocking protection can be bypassed using such filetypes, as well as the distribution of executable files can be simplified.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.
Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…
The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…
A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…
Meta has announced the removal of over 2 million accounts connected to malicious activities, including…
Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…
A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…