Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Attackers Shifting Away from Using Microsoft Office Macros

August 3, 2022

A mark of success is the ability to be flexible. Microsoft has decided to turn off the ability to execute macros by default. It has been a controversial decision, but security experts believe it is the right one. Cyber criminals have used macros to deliver malware and compromise users’ machines. CSO reported that security company Proofpoint saw a 66% decline in attacks over the last eight months since Microsoft changed the default macro action. “We’ve seen them switch their tactics away from leveraging malicious macros into other kinds of attacks like LNK files. We’ve seen a 1,600% increase over the past ten months or so around using other tactics aside from malicious Office macros. The threat actors got the message that this is coming and are stifling their use of macros against individuals and organizations.”

Welcome to flexibility. With the reduction in successful attacks, cyber criminals have changed techniques. Proofpoint reported that there is a shift “to the adoption of ISO and other container file formats, as well as LNK files. Such filetypes, it explains, can bypass Microsoft’s macro-blocking protections as well as facilitate the distribution of executables that can lead to malware downloads, data reconnaissance and theft, and ransomware.” Does anyone else feel like we are playing the cybersecurity version of Whac-A-Mole?

Email:   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com