As they look for attack surfaces to exploit, an increasing number of criminals are turning to Excel 4.0 macros as tools for gaining a foothold in enterprise networks. Newly published research has found that a new wave of these attacks has hit roughly every one to two weeks for the last five months, each one adding evasion techniques and sophistication to its predecessors.
In its report, the Lastline Threat Research Group noted that Excel 4.0 XLM macros are a feature that has existed for more than 30 years. While not the current VBA macro technology, they are still part of the legitimate functionality of Excel. While some organizations disable macro functionality by default, others depend on macros for critical applications. And in those organizations, it can be difficult for security systems to differentiate between legitimate and malicious macros.
According to the report, the malicious macros tend to be loaders, responsible for delivering a variety of commodity malware families, such as Danabot, ZLoader, Trickbot, Gozi, and Agent Tesla to the victim’s computers.
Find out more here.
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that “really bad day” in cybersecurity. Click for more information and to register.
Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.