Microsoft blocks macros in Office; cybercriminals change their technique

Microsoft, the technology giant father of the Windows system and related products, has announced that it will block macros by default in its Office suite, which has led cybercriminals to look for new ways to trick users through files. This shift in malware distribution has been a novel test of hackers’ intelligence. In today’s article, we show you the details of these changes.

Read: Meta takes action against cyberespionage groups that abuse its Facebook platform

Cybercriminals’ technique change in attachments is due to Microsoft blocking macros

VBA macros are a bit of code programmed in the Microsoft programming language. Coming from an attached file on the internet, be it an email or a link, the hacker manages to insert malicious code that installs malware. Hence, the endless talk about being aware of attachments.

For this reason, Microsoft decided to block these macros by default, offering a secure document suite for all users, whether they are personal or professional accounts. The Windows company specifies that when you open an attached file and it contains a VBA macro, the file will be blocked. They also give a series of steps to create exceptions, especially if you work with a corporate intranet; just read its blog post.

The security firm ProofPoint claims that these changes have been rolling out since last year, when users were advised to enable the block from the Office suite’s security settings. Now that they are blocked by default, it means that there are good results in the battle against cybercriminals. They have observed that between October 2021 and June 2022, the use of macro-enabled attachments by attackers has decreased by 66%.

“It’s already a significant change in the threat landscape to move away from directly sending macro-based attachments via email,” said Sherrod DeGrippo, VP of Research and Threat Detection at Proofpoint. “Cybercriminals are adopting new tactics to distribute malware and will continue to increase the use of ISO, LNK and RAR files in their attacks.”

The use of these files has increased up to 175% in the last few months. Opening any of these types of attachments results in additional content or executable files that install malicious payloads. In this way, cybercriminals manage to elude Microsoft controls and infect the computers or systems of users and companies.

Keep in touch with our blog to read the latest news and innovations in the cybersecurity world. 

Microsoft blocks macros

Photo by Romain V on Unsplash.

Facebook: Eagle Tech Corp

Instagram: @eagletech_corp

Twitter: @eagletechcorp

LinkedIn: Eagle Tech

YouTube: Eagle Tech Corp

Cyber security & IT Managed Services

Table of Contents

Share this Article
Related Articles