
With Microsoft Office Macros Blocked by Default, Hackers are Using Other Techniques

New Proofpoint research shows how threat actors are adapting to Microsoft blocking Office macros by default by leveraging other file types.

July 29, 2022 Zachary Comeau

After pausing the rollout of a default macro-blocking feature in Microsoft Office, Microsoft is now officially blocking VBA macros by default in Office applications in a move to make it harder for threat actors to deploy malware and ransomware using Office applications.

Microsoft first announced the VBA macro blocking in February 2022, just a few months after announcing it would begin blocking XL4 macros by default as well.

However, threat actors are already moving on to new tactics, techniques and procedures to get around the new macro-blocking feature, according to cybersecurity software company Proofpoint.

The Sunnyvale, Calif.-based company’s research shows that hackers were listening to Microsoft’s announcements and began increasingly using container files such as ISO and RAR, as well as Windows Shortcut (LNK) files to distribute malware.

In a report based on research from October 2021 through June 2022, the use of macro-enabled attachments by threat actors decreased by about 66%. Meanwhile, cyberattacks using container file formats (.iso, .rar, .zip, .img and LNK attachments) are up, rising nearly 175% in the same timeframe.

In particular, Proofpoint notes the increased use of ISO and LNK files, which threat actors are using as initial access mechanisms. The use of ISO files has increased 150% in the same timeframe Proofpoint studied, with more than half of 15 tracked threat actors using ISO files in campaigns after Microsoft began blocking Office macros by default in February 2022. HTML attachments containing malware are also on the rise, but the number remains low, according to the company.

However, the most notable shift away from macro-based attacks is the increased usage of LNK files, with attacks using that file format increasing 1,675% since October 2021. Now, multiple advanced persistent threat (APT) actors are using LNK files with increased frequency.

“Proofpoint researchers assess with high confidence this is one of the largest email threat landscape shifts in recent history,” the company notes in the report. “It is likely threat actors will continue to use container file formats to deliver malware, while relying less on macro-enabled attachments.”

Although the use of Microsoft Office macros in cyberattacks is trending down, there have been some outliers over the last year, including a March campaign in which a threat actor delivered the Emotet malware via XL4 macros. When that specific campaign dropped off in April, it began using other file types, such as XLL and zipped LNK attachments, according to Proofpoint.

Similarly, the use of VBA macros in attacks also spiked in March, but has otherwise been on a downward trend, the company’s report says.
