Threat actors have been moving away from Office macros in ransomware attacks since Microsoft announced that such macros would be disabled by default, with the rate of pre-ransomware events using VBA or Excel 4.0 macros dropping from 55% to 9% between the first and second quarters of 2022, VentureBeat reports.
Default blocking of macros has prompted malicious actors to switch to HTML application, shortcut, and disk image files for initial network access, according to a report from Expel.
"Microsoft's announcement that it would block macros by default in Microsoft Office applications appears to have changed the game for attackers," said Expel Vice President of Security Operations Jonathan Hencinski.
Organizations have also been urged to update Windows Explorer to omit ISO file extensions in an effort to prevent unintended execution of malicious software.
Ukraine has been targeted by Russian threat actors in the new Operation Texonto disinformation campaign that also involved spear-phishing and credential exfiltration tactics, according to The Hacker News.
Record-high ransomware and data extortion incidents experienced by Western nations last year have prompted former National Security Agency Director Michael Rogers to call for a reevaluation of their cybersecurity defense strategy.