Microsoft, the company behind Windows, is taking strict steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default across Office applications, and black hat hackers are responding by adjusting their tactics, techniques, and procedures (TTPs).
According to a report, “The usage of VBA and XL4 Macros dropped around 66% from October 2021 till June 2022.”
Moreover, adversaries are increasingly moving away from macro-enabled documents to other options, including container files such as ISO and RAR as well as Windows Shortcut (LNK) files, in campaigns to distribute malware.
According to sources, black hat hackers are now adopting new techniques to deliver malware, and the increased use of file types such as ISO, LNK, and RAR is expected to persist. VBA macros embedded in Office documents sent through phishing emails have proven to be an effective technique because they let malicious actors automatically run malicious content after tricking a recipient into enabling macros through social engineering.
As noted above, Microsoft plans to block macros in files downloaded from the internet, which has led email-based malware campaigns to experiment with other ways to bypass Mark of the Web (MOTW) protections and infect targets.
This involves the use of ISO, RAR, and LNK file extensions, which has surged almost 175% during the same period. Around 10 threat actors are said to have started using LNK files since February 2022.
Furthermore, a security organization has observed that the number of campaigns containing LNK files has rapidly grown by 1,675% since Oct 2021, while the number of attacks using HTML attachments more than doubled from October 2021 to June 2022.
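For mail defenders, the shift described above means attachment filtering has to recognise ISO, RAR, LNK and HTML files by their content, because a file name alone is easy to change. The Python below is an added example, not code from the report or from Microsoft: the function names `classify`, `triage` and `build_sample` are hypothetical, and the sample message is constructed for the demonstration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Signatures of the file types named in the article.
# LNK: HeaderSize 0x4C followed by the shell-link CLSID.
LNK_MAGIC = b"\x4c\x00\x00\x00" + bytes.fromhex("0114020000000000c000000000000046")
RAR_MAGIC = b"Rar!\x1a\x07"                # common prefix of RAR4 and RAR5
ISO_MAGIC, ISO_OFFSET = b"CD001", 0x8001   # ISO 9660 volume descriptor

def classify(data: bytes):
    """Return 'lnk', 'rar', 'iso', 'html' or None, judged by content only."""
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data.startswith(RAR_MAGIC):
        return "rar"
    if data[ISO_OFFSET:ISO_OFFSET + len(ISO_MAGIC)] == ISO_MAGIC:
        return "iso"
    # Skip a UTF-8 BOM and leading whitespace before looking for HTML markup.
    head = data[:512].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if head.startswith((b"<!doctype html", b"<html")):
        return "html"
    return None

def triage(raw_message: bytes):
    """List (filename, kind) for every attachment whose content matches."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        kind = classify(part.get_payload(decode=True) or b"")
        if kind:
            flagged.append((part.get_filename(), kind))
    return flagged

def build_sample() -> bytes:
    """Constructed message: four flagged types (one misnamed) and one benign file."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    iso = bytes(ISO_OFFSET) + ISO_MAGIC + bytes(16)
    for name, body in [("scan.lnk", LNK_MAGIC + bytes(56)), ("report.pdf", RAR_MAGIC + b"\x00"),
                       ("image.iso", iso), ("form.htm", b"<!DOCTYPE html><html></html>"),
                       ("notes.txt", b"plain text")]:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, kind in triage(build_sample()):
        print(f"{name}: {kind}")
```

The check only sees the outer attachment; an LNK file packed inside an ISO or RAR is visible only after the container is unpacked and its members are classified in turn.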