Threat actors have been moving away from Office macros in ransomware attacks since Microsoft announced that such macros would be disabled by default, with the rate of pre-ransomware events using VBA or Excel 4.0 macros dropping from 55% to 9% between the first and second quarter of 2022, VentureBeat reports.
Default blocking of macros has prompted malicious actors to switch to HTML application, shortcut, and disk image files for initial network access, according to a report from Expel.
"Microsoft's announcement that it would block macros by default in Microsoft Office applications appears to have changed the game for attackers," said Expel Vice President of Security Operations Jonathan Hencinski.
New attacks using proven techniques could be curbed by configuring Windows Script Files, HTML for Application, and JavaScript files to open in Notepad rather than run when opened, Hencinski said.
Organizations have also been urged to update Windows Explorer to omit ISO file extensions in an effort to prevent unintended execution of malicious software.
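One way to check the Notepad recommendation above on a Windows host, as an added example that is not code from Expel or from the original report. It assumes the three types map to the `.wsf`, `.hta` and `.js` extensions and that the handler is the machine-wide `shell\open\command` value; the `-Fix` switch and the helper name are hypothetical.

```powershell
# Added example: audit the machine-wide "open" handler for script file types.
# Run elevated with -Fix to repoint any non-Notepad handler to Notepad.
param([switch]$Fix)

$Extensions = '.wsf', '.hta', '.js'          # assumed extensions for the named types
$Notepad    = Join-Path $env:SystemRoot 'System32\notepad.exe'
$ClassesKey = 'HKLM:\SOFTWARE\Classes'

function Get-DefaultValue([string]$Path) {
    # Return the (Default) value of a registry key, or $null if the key is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') }
}

$report = foreach ($ext in $Extensions) {
    # Extension -> ProgID (for example .js -> JSFile) -> open command line.
    $progId  = Get-DefaultValue "$ClassesKey\$ext"
    $cmdPath = if ($progId) { "$ClassesKey\$progId\shell\open\command" }
    $command = if ($cmdPath) { Get-DefaultValue $cmdPath }
    [pscustomobject]@{
        Extension = $ext
        ProgId    = $progId
        Command   = $command
        CmdPath   = $cmdPath
        # "Safe" here means the open verb hands the file to Notepad, not a script host.
        Safe      = [bool]($command -and $command -like '*notepad.exe*')
    }
}

if ($Fix) {
    foreach ($row in $report | Where-Object { $_.Command -and -not $_.Safe }) {
        $newCommand = "`"$Notepad`" `"%1`""
        Set-ItemProperty -LiteralPath $row.CmdPath -Name '(default)' -Value $newCommand
        $row.Command = $newCommand
        $row.Safe    = $true
    }
}

# Per-user "Open with" choices are stored separately and are not covered here.
$report | Format-Table Extension, ProgId, Safe, Command -AutoSize -Wrap
```

Run without `-Fix` first: any row with `Safe` set to `False` is a file type that will still execute in a script host when double-clicked.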
SiliconAngle reports that mounting security alert fatigue has prompted Torq to introduce its new HyperSOC system based on its Hyperautomation Platform using artificial intelligence to enable security operation center response automation, management, and monitoring in a bid to bolster the investigation and remediation of cybersecurity threats.
Moldovan botnet operator Alexander Lefterov, also known as Alipatime, Alipako, and Uptime, has been indicted by the U.S. Department of Justice for his involvement in widespread attacks against U.S.-based computers, BleepingComputer reports.