Hackers Shift in New Attacks Following Microsoft Office Macro Malware Block

When Microsoft blocked the Office Macro for VBA (Visual Basic for Applications) and XLM or XL4 (Excel 4.0), ransomware actors quickly switched tactics to adapt to the new changes.

The tech giant did a good job in shoving away the hackers who use the system. However, it just forced the cybercriminals to think of a new way to create a new attack on the Office macros.

Microsoft Crackdown on Office Macros

Hackers Shift in New Attacks Following Microsoft Office Macro Malware Block
When Microsoft closed down the Office Macros to the hackers, the latter immediately switched tactics to launch a new malware attack. Clint Patterson from Unsplash

As ZDNet reported, Proofpoint highlighted that Microsoft's solution to bar hackers from hacking the XL4 and VBA macros had gone a long way.

The cybersecurity firm said that the incidents of XL4 and VBA Macros usage have steadily declined to 66% from October 2021 to June 2022.

Proofpoint told The Hacker News that it was "one of the largest email threat landscape shifts in recent history." The hackers who have previously exploited the office macros are now shifting tactics for a new attack route.

This time, the threat actors have been relying on controlling RAR and ISO files to infect systems with malware. Even the LNK files are reportedly involved in their latest campaign.

As per Proofpoint's VP of Threat Research and Detection, Sherrod DeGrippo, the hackers have been switching tactics as part of their coping mechanism against Microsoft's recent answer.

Ransomware Campaigns Related to LNK Files Are Increasing

At the moment, the threat actors have been devising their plans to pivot away from the usual campaign through VBA macros. They continue to experiment further to see what email-based malware campaign will effectively spread the virus and bypass the victim's MOTW (Mark of the Web) protection.

At the same time, the experts have discovered about a 175% increase in the incidents of exploitations related to LNK, RAR, and ISO usage.

Since February 2022, cybersecurity analysts have identified at least 10 threat actors behind the LNK file control.

Meanwhile, the attacks linked to HTML attachments doubled starting October 2021 to June 2022.

As a throwback, hackers have been used to abusing Office macros because it's highly exploitable. As a matter of fact, patching won't work against it.

In other news, Tech Times reported that browser hijackers might be lurking around your search engine without you knowing. According to the article, these could hit your computer's system, thus causing it to shut down sometimes.

To solve the issue, you need to install reliable software to avoid these incidents. Apart from that, you should be careful when clicking random links on the internet. Malicious links could easily compromise your device.

If you want to get rid of browser hijackers fully, you need to run a full security scan on your PC or smartphone. This would be possible through an anti-malware tool.

This article is owned by Tech Times

Written by Joseph Henry

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics