A 30-year-old macro technology for Microsoft Excel is finding new popularity as a cybersecurity attack vector.

Dark Reading Staff, Dark Reading

June 4, 2020

1 Min Read

As they look for attack surfaces to exploit, an increasing number of criminals are turning to Excel 4.0 macros as tools for gaining a foothold in enterprise networks. Newly published research has found that a new wave of these attacks has hit roughly every one to two weeks for the last five months, each one adding evasion techniques and sophistication to its predecessors.

In its report, the Lastline Threat Research Group noted that Excel 4.0 XLM macros are a feature that has existed for more than 30 years. While not the current VBA macro technology, they are still part of the legitimate functionality of Excel. While some organizations disable macro functionality by default, others depend on macros for critical applications. And in those organizations, it can be difficult for security systems to differentiate between legitimate and malicious macros.

According to the report, the malicious macros tend to be loaders, responsible for delivering a variety of commodity malware families, such as Danabot, ZLoader, Trickbot, Gozi, and Agent Tesla to the victim's computers.

Find out more here.

VIRTUALSUMMIT_DR20_320x50.jpg

 

 

 

 

 

 

Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really  bad day" in cybersecurity. Click for more information and to register

 

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights