How Threat Actors Are Adapting to a Post-Macro World


  • In response to Microsoft’s announcements that it would block macros by default in Microsoft Office applications, threat actors began adopting new tactics, techniques, and procedures (TTPs).
  • Threat actors are increasingly using container files such as ISO and RAR, and Windows Shortcut (LNK) files in campaigns to distribute malware. 
  • Proofpoint has observed the use of VBA and XL4 Macros decrease approximately 66% from October 2021 through June 2022, based on campaigned data.

Read more…