CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

Microsoft Resumes Blocking Office VBA Macros by Default After ‘Temporary Pause’

admin by admin
July 22, 2022
in Information Security


Microsoft has officially resumed blocking Visual Basic for Applications (VBA) macros by default across Office apps, weeks after temporarily announcing plans to roll back the change.

“Based on our review of customer feedback, we’ve made updates to both our end user and our IT admin documentation to make clearer what options you have for different scenarios,” the company said in an update on July 20.

Earlier this February, Microsoft publicized its plans to disable macros by default in Office applications such as Access, Excel, PowerPoint, Visio, and Word as a way to prevent threat actors from abusing the feature to deliver malware.

It’s a known fact that a majority of the damaging cyberattacks today leverage email-based phishing lures to spread bogus documents containing malicious macros as a primary vector for initial access.

CyberSecurity

“Macros can add a lot of functionality to Office, but they are often used by people with bad intentions to distribute malware to unsuspecting victims,” the company notes in its documentation.

By disabling the option by default for any Office file downloaded from the internet or received as an email attachment, the idea is to eliminate an entire class of attack vectors and disrupt the activities of malware such as Emotet, IcedID, Qakbot, and Bumblebee.

Blocking Office VBA Macros by Default

However, Microsoft backtracked on the change in the first week of July, telling The Hacker News that it’s pausing the rollout of the feature to make additional usability improvements. In the interim, the tech giant’s decision to block macros has led adversaries to adapt their campaigns to resort to alternative distribution methods such as .LNK and .ISO files.

That said, using malicious macros as an entry point to trigger the infection chain is not limited to Microsoft Office alone.

CyberSecurity

Last week, HP Wolf Security flagged an “unusually stealthy malware campaign” that makes use of OpenDocument text (.odt) files to distribute malware targeting the hotel industry in Latin America.

The documents, which come attached with fake booking request emails, prompt the recipients to enable macros, doing so, which results in the execution of the AsyncRAT malware payload.

Blocking Office VBA Macros by Default

“Detection of malware in OpenDocument files is very poor,” security researcher Patrick Schläpfer said. “The structure of OpenDocument files is not as well analyzed by antivirus scanners or as frequently used in malware campaigns.”

“Many email gateways would warn about more common file types containing multiple linked documents or macros, but OpenDocument files are not picked up and blocked in this way – meaning that protection and detection is failing at the first stage.”





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Massive Losses Define Epidemic of ‘Pig Butchering’ – Krebs on Security

Next Post

Re-Live SITS 2022 (The Service Desk and IT Support Show)

Related Posts

Information Security

New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack

by admin
August 7, 2022
Information Security

Spring 2022 PCI 3DS report now available

by admin
August 7, 2022
Information Security

Tech giants pledge self-regulation in NZ pact

by admin
August 7, 2022
Information Security

Hackers Exploit Twitter Vulnerability to Exposes 5.4 Million Accounts

by admin
August 6, 2022
Information Security

Class Action Targets Experian Over Account Security – Krebs on Security

by admin
August 6, 2022
Next Post

Re-Live SITS 2022 (The Service Desk and IT Support Show)

Recommended

New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack

August 7, 2022

Spring 2022 PCI 3DS report now available

August 7, 2022

Tech giants pledge self-regulation in NZ pact

August 7, 2022

Will Oracle Save the Day with Its EHR database?

August 7, 2022

Illuminatecreativity

August 7, 2022

Hackers Exploit Twitter Vulnerability to Exposes 5.4 Million Accounts

August 6, 2022

© 2022 CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 JNews - Premium WordPress news & magazine theme by Jegtheme.