Malicious actors are adapting their strategies, techniques, and procedures in response to Microsoft’s move to automatically block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros across Office programs (TTPs).
Malicious Microsoft Office document attachments sent in phishing emails often contain VBA and XL4 Macros, two short programs designed to automate repetitive processes in Microsoft Office applications that threat actors use to load, drop, or install malware.
Sherrod DeGrippo, vice president of threat research and detection at Proofpoint, stated “the threat landscape has changed significantly as a result of threat actors shifting away from directly disseminating macro-based email attachments.”
The change was made as a result of Microsoft’s announcement that it will stop the widespread exploitation of the Office subsystem by making it more challenging to activate macros and automatically banning them by default.
New tactics
Use of ISO, RAR, and Windows Shortcut (LNK) attachments to get around the block has multiplied by 66%, according to security firm Proofpoint, which calls this activity ‘one of the largest email threat landscape shifts in recent history.’ Actors spreading the Emotet malware are also involved in this activity.
The use of container files like ISOs, ZIPs, and RARs has also increased rapidly, increasing by about 175 percent.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: