Attackers Try To Bypass Microsoft’s Default Blocking Of Macros In Office Suite

Share post:

Attackers are exploring tactics to bypass Microsoft’s defense strategy, one of which involves turning to file types as vessels for malware.

So far, attackers have relied on macros-enabled attachments, but the number of attackers using this tactic dropped after Microsoft began blocking XL4 macros by default for Excel users. Microsoft also blocked VBA macros by default across the Office suite.

To get around macros blocking, attackers are increasingly using file formats such as ISO (.iso), RAR (.rar), ZIP (.zip), and IMG (.img) files to send macro-enabled documents.

According to Proofpoint researchers since blocking macros by default, malicious campaigns using container files such as ISO, RAR and LNK attachments have now increased by 175%.

The new tactic attempts to bypass Microsoft’s method of blocking VBA macros based on a Mark of the Web (MOTW) attribute, which shows whether a file comes from the internet known as the Zone.Identifier.

“Microsoft applications add this to some documents when they are downloaded from the web. However, MOTW can be bypassed by using container file formats,” the Proofpoint researchers wrote.

Attackers can use the file formats listed above to send macro-enabled documents because the documents within those files, such as a macro-enabled spreadsheet, do not have a MOTW attribute even if the files have it.

The sources for this piece include an article in ThreatPost.

SUBSCRIBE NOW

Related articles

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

New SMS Phishing Scam Targets U.S. Toll Road Users with Fake Payment Alerts

Brian Krebs of the Krebs on Security blog did a big piece leading with how residents across the...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways