• Microsoft blocked malicious macros, but hackers have found anothe

    From TechnologyDaily@1337:1/100 to All on Fri Jul 29 13:00:03 2022
    Microsoft blocked malicious macros, but hackers have found another way

    Date:
    Fri, 29 Jul 2022 11:47:14 +0000

    Description:
    Criminals turning to shortcuts and containers to distribute malware,
    following the death of the Microsoft macro

    FULL STORY ======================================================================

    Now that macros in downloaded Microsoft Office files are officially dead, it was only a matter of time before hackers came up with a new scheme.

    Cybersecurity experts at Proofpoint say they have identified not one, not two, but three new methods criminals use to get victims to download malware.

    The company's latest report says that instead of macro-laden Office files, which are now in significant decline, crooks are going for container files, shortcuts, and HTML files.

    Shortcuts spiking

    From October 2021 until today, the number of macro-powered Office files used to distribute malware dropped by a whopping two-thirds (66%). On the other hand, the use of container files (ISO files, ZIP, RAR files, and similar) rose by approximately 175%. Container files are a great way to avoid antivirus solutions, and if they also come with a password, their perceived legitimacy grows that much bigger.

    As for shortcut files (.LNK), their use exploded in February 2022, rising by 1,675% since October the year before. Proofpoint says that ten separate
    threat actors are now favoring shortcut files to distribute malware, and that includes some of the heavy-hitters like Emotet, Qbot, or IcedID.

    The icons of the shortcut files can be changed to virtually anything, helping crooks disguise these files as PDFs or Word documents.

    They're also quite potent, as they can execute almost any command for which the victim has permission, including the execution of PowerShell scripts which, in this particular case, the crooks use to get people to download malware from the internet.
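
    A defender-side check for the two shortcut traits described above (a command interpreter as the target, an icon taken from elsewhere), as an added example that is not from the article or from Proofpoint's report. The interpreter list, the cp1252 fallback, and the sample shortcut are assumptions constructed for illustration.

```python
import struct
# Constants from the Shell Link (.LNK) binary format; STRING_FIELDS is in on-disk order.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
# Assumed triage list of script hosts; tune it for your environment.
INTERPRETERS = ("powershell", "pwsh", "cmd.exe", "mshta", "wscript", "cscript")

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a shortcut; raise ValueError if malformed."""
    if len(data) < HEADER_SIZE or data[:4] != b"\x4c\0\0\0" or data[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos, fields = HEADER_SIZE, {}
    try:
        if flags & HAS_ID_LIST:    # 2-byte size that excludes itself
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINK_INFO:  # 4-byte size that includes itself
            pos += struct.unpack_from("<I", data, pos)[0]
        width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
        for bit, key in STRING_FIELDS:
            if flags & bit:        # 2-byte character count, then the string
                end = pos + 2 + struct.unpack_from("<H", data, pos)[0] * width
                if end > len(data):
                    raise ValueError("truncated StringData")
                fields[key] = data[pos + 2:end].decode(codec, "replace")
                pos = end
    except struct.error as exc:
        raise ValueError("truncated shortcut") from exc
    return fields

def triage(fields: dict) -> list:
    """Flag the two traits the article describes; empty list means neither applies."""
    command = f'{fields.get("relative_path", "")} {fields.get("arguments", "")}'.lower()
    icon = fields.get("icon_location", "").lower()
    if not any(name in command for name in INTERPRETERS):
        return []
    findings = ["launches a script host"]
    if icon and not any(name in icon for name in INTERPRETERS):
        findings.append("icon borrowed from another file")
    return findings

def build_sample() -> bytes:
    """Constructed sample: PowerShell shortcut carrying a document reader's icon."""
    strings = [r"..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
               "-NoProfile -File example.ps1", r"C:\Program Files\Example\reader.exe"]
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, 0x08 | 0x20 | 0x40 | IS_UNICODE)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in strings)
    return header.ljust(HEADER_SIZE, b"\0") + body
```

    Running triage(parse_lnk(data)) on a shortcut pulled out of a quarantined container file returns the findings as a list. Shortcuts that store their target only in the ID list, not in the relative path, need the LinkTargetIDList decoded as well, which this example skips over.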

    Proofpoint is also saying there's been a noticeable rise in the use of HTML attachments, as these types of files can also be used to drop malware on target endpoints while avoiding email security systems. Still, HTML attachments have relatively low volume, especially compared to container files and shortcuts. Whether or not that changes in the future remains to be seen.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-blocked-malicious-macros-but-hackers-have-found-another-way/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)