There has been a shift in threat actor behavior in recent years. Observations by threat researchers showed a peak in their change of activities.
Ever since, Microsoft disabled macros by default, which was extensively exploited by threat actors and paved the initial way for ransomware attacks.
In October 2021, Microsoft announced they would block XL4 and VBA macros by default for MS Office users, which was rolled out in 2022. Proofpoint analysis and report showed how threat actors experimented with payload delivery, old file types, and unpredictable attack chains.
As per the reports from Proofpoint research conducted between January 2021 and March 2023,
There has been a downslope in campaigns using macros. Compared to 2021, macros-based campaigns have reduced by up to 66% in 2022. There has been minimal usage of macros-based campaigns in 2023.
Alternatively, ISO attachment-based campaigns were adopted initially, which bypasses the macros restriction, which works around the mark-of-the-web (MOTW) attribute restriction. However, it was fixed by Microsoft in November 2022.
In addition, HTML smuggling, PDF-based campaigns, and OneNote explosions were several other methods that threat actors adopted.
According to February 2023 campaigns, nine different attack chains are followed by threat actors currently.
A Complete detailed analysis of the report has been published by Proofpoint, which shows various techniques and methods used by threat actors.
Users must be aware when downloading or opening any malicious attachments and be vigilant about these threat actors.
Struggling to Apply The Security Patch in Your System? –
Try All-in-One Patch Manager Plus
Casio Computer Co., Ltd. has confirmed that a third party illegally accessed its network on…
A new open-source scanner has been released to detect a critical vulnerability in the Common…
Comcast Cable Communications LLC has reported that over 237,000 users' data has been compromised. The…
American Water Works Company, Inc., a leading provider of water and wastewater services, announced that…
Google has launched a pilot program to block malicious sideloading apps. This initiative is part…
Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has…