Cyberattacks utilising Microsoft Excel have dropped for 2022

September 7, 2022
New studies reveal that the use of Microsoft Excel for cybercriminal activities, such as malware propagation, has dramatically declined since July this year. Researchers working on the study explained that from June to the end of July, cyberattacks utilising Excel dropped by about 9.3%.

According to experts, the findings are likely due to Microsoft’s recent decision to disable default macro code execution in the application, a feature that threat actors worldwide have long exploited to hack into computers when victims open a malicious file.

Threat actors might have shifted their attack tactics after Microsoft Excel 4.0 macros were deactivated by default, with attribution in attacks related to the application dropping from 14.4% to 5.1%.

Reports about the study also showed that the leading malware strains spread using malicious Microsoft Excel 4.0 macros were QakBot and Emotet. Some incidents reveal that the malware operators switched to another, more complex infection chain built on HTML smuggling and DLL sideloading, since they can no longer exploit the application and its functions.

Since the Excel macros were deactivated, the shift by threat groups to other complicated infection tactics has concerned many cybersecurity researchers. For instance, the QakBot malware is now spread through malicious HTML documents disguised as an Adobe PDF file. Once the victim opens the zip file from the downloaded reader software, the payload automatically launches and installs DLL files, installing the QakBot malware on the compromised machine.

Furthermore, the researchers underlined that the sudden shift in tactics for the QakBot campaign could be the actors’ response to Microsoft’s deactivation of the Excel macros. The HTML smuggling technique could affect a wide range of victims; however, its operators are also bound to upgrade and alter their security evasion techniques.

Despite the new security measure, experts still consider Microsoft Excel abuse a popular method for malware attacks. They also believe that the security measure will have only a short-term effect on attack volumes, especially since threat operators are known to adapt quickly to changes in the cybersecurity landscape.
