Microsoft’s decision to turn off Office macros by default has had a significant impact on the use of the mini-programs by hackers, according to enterprise security company Proofpoint. In a blog posted today, the company noted its researchers have found that the use of macro-enabled attachments by threat actors has decreased approximately 66% between October 2021 and June 2022.
“We’ve seen them switch their tactics away from leveraging malicious macros into other kinds of attacks like LNK files,” says Proofpoint Vice President for Threat Research and Detection Sherrod DeGrippo. “We’ve seen a 1,600% increase over the past ten months or so around using other tactics aside from malicious Office macros. The threat actors got the message that this is coming and are stifling their use of macros against individuals and organizations.”