Cybercriminals Take to New Techniques After Microsoft’s Decision to Block Macros by Default

Threat actors are turning to new tactics as Microsoft attempts to block the delivery of malicious phishing payloads via the macro feature in its Office suite.

A blog post by Proofpoint on Thursday revealed that the use of macro-enabled attachments by threat actors dropped by about 66 percent between October 2021 and June 2022. The data shows that the decrease began as soon as Microsoft first started blocking XL4 macros by default for all Excel users, which was followed this year by the blocking of VBA macros by default across its Office suite.

Researchers from Proofpoint reported that threat actors are now increasingly using container files such as ISO and RAR, as well as Windows Shortcut (LNK) files, to deliver malware.

They found that during the eight-month period that saw a decrease in the use of macro-enabled attachments, the use of container files to deliver malicious payloads increased by 175 percent.

As threat actors find new ways to up their game, it is important to always stay vigilant to avoid falling into their trap. In this case, the lesson to take home is to never click on or open an attachment from an unknown source.
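For mail and endpoint defenders, the shift toward ISO, RAR and LNK attachments means filtering on file content rather than file extension. The following is an added example, not code from Proofpoint or Microsoft: it flags the three file types named above by their header signatures and reports when the extension does not match. The function names and sample attachments are constructed for illustration.

```python
from typing import Iterable, List, Optional, Tuple

# Well-known file signatures for the types named in the article.
ISO_MAGIC = b"CD001"                    # ISO 9660 volume descriptor identifier
ISO_OFFSETS = (0x8001, 0x8801, 0x9001)  # identifier position in sectors 16, 17, 18
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR 4.x, RAR 5
# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def sniff_container(data: bytes) -> Optional[str]:
    """Return 'lnk', 'rar' or 'iso' based on content, or None if no match."""
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data.startswith(RAR_MAGICS):
        return "rar"
    if any(data[off:off + 5] == ISO_MAGIC for off in ISO_OFFSETS):
        return "iso"
    return None


def triage(attachments: Iterable[Tuple[str, bytes]]) -> List[Tuple[str, str, bool]]:
    """Return (filename, detected_type, extension_mismatch) for flagged files."""
    findings = []
    for name, data in attachments:
        kind = sniff_container(data)
        if kind is None:
            continue
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        # A mismatch means the file was renamed to look like something else.
        findings.append((name, kind, ext != kind))
    return findings


# Constructed sample attachments (headers only, no real payloads).
SAMPLES = [
    ("invoice.pdf", LNK_MAGIC + b"\x00" * 60),             # shortcut posing as PDF
    ("scan.iso", b"\x00" * 0x8000 + b"\x01CD001\x01\x00"),  # ISO 9660 image
    ("docs.rar", RAR_MAGICS[1] + b"\x00" * 16),            # RAR 5 archive
    ("notes.txt", b"plain text, nothing to flag\n"),
]

if __name__ == "__main__":
    for name, kind, mismatch in triage(SAMPLES):
        print(f"{name}: {kind}{' (extension mismatch)' if mismatch else ''}")
```
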
