Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads.
Researchers have discovered that threat actors are circumventing Microsoft’s Office suite’s default barring of macros by employing alternate files to house malicious payloads now that a major avenue for threat delivery has been shut down. According to fresh statistics released by Proofpoint in a blog post on Thursday, threat actors used attachments with macros less frequently between October 2021 and June 2022, by around a 66 percent margin.
The decline started around the time Microsoft announced its intention to start banning XL4 macros by default for Excel users, which was followed this year by the default blocking of VBA macros throughout the Office suite.
Read More: Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office