Tech

Microsoft blocks Office macros: How hackers bypass this ban


banner img

Last year, Microsoft announced to block XL4 (Excel 4.0) and VBA (Image Basics for Apps) macros by default for Office High class. Now that the company is making changes, attackers have found a new way to bypass Microsoft’s move. Hackers are migrating to new file types, including ISOs, RAR and LNK (Windows Shortcut), to deliver malware to the system.
A macro is a series of commands grouped into a program to perform an automated task. Now, XL4 macros and VBA are two small programs used to perform repetitive tasks in Microsoft Office. Hackers have been actively using these two macros as threat agents to install malware into the system through malicious documents downloaded from the internet or phishing mail.
“The use of macro-enabled attachments by threat actors decreased by approximately 66% between October 2021 and June 2022,” reads the latest report from Proving Points. The enterprise security firm calls this “one of the biggest email threat landscape changes in recent history.”
The company made the announcement last year, but it took them a long time to implement the changes. Microsoft blocked macros last month, but hackers turned away from Office macro attacks as they used new file types as payloads. The report states, “Threat actors are now adopting new tactics to distribute malware, and increased use of files such as ISOs, LNKs, and RARs is expected to continue.”
The use of ISO, RAR, and LNK files for malware distribution has increased by 175% during the same period and is expected to grow even more. Attackers have been using new methods to deliver malware from EmotetIcedID, Qakbotand Bee families. LNK file adoption has increased dramatically; the number of campaigns has increased by 1675% since October 2021, making it one of the most used threat agents, used by ten individual threat groups.
“As for getting the intended victim to open and click, the methods are the same: a series of social engineering tactics to get people to open and click,” the Proofpoint researchers said. The prevention we use for phishing still applies here.”

FOLLOW US ON SOCIAL MEDIA

FacebookTwitterInstagramKOOKS APPYOUTUBE





Source link

news7f

News7F: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, Sports...at the World everyday world. Hot news, images, video clips that are updated quickly and reliably

Related Articles

Back to top button