Trick someone in Enabling macros on a downloaded Microsoft Excel or Word file is a very hard thing for hackers to believe. One click from the target creates a foothold for attackers to take over their devices. This week, however, Microsoft announced a seemingly small but significant edit: Starting in April, macros will be disabled by default in files downloaded from the internet.
Macros are small pieces of software used to automate tasks like data collection without developing additional tools or applications. They can be written directly in Microsoft’s Visual Basic for Applications programming language, or set up through translation tools that will turn a series of steps into VBA macros with no coding skills required. Businesses rely heavily on them, especially those with legacy infrastructure, and they play a vital role in everything from financial services to government organisations. But as an individual Microsoft 365 user, it’s not uncommon for your only interaction with the macro to click that annoying “allow” button — or know how to avoid it.
For attackers, being able to write small programs in large, trusted applications like Excel or Word presents an opportunity to develop what are essentially macro viruses. Bad guys can also create these programs to automatically download and run additional malware on the victim’s device. So whether you use the feature in your day-to-day life or not, everyone has been at risk from it for decades, making Microsoft’s move this week all the more important. than.
“A few years from now, we’ll look back on this announcement as the biggest change Microsoft has made to reduce threat agent initial access,” incident responder and former NSA hacker Jake Williams said. “Your apex-level threat actors or NSO group the world doesn’t use this tool anymore, but this will affect the scammers, ransomware certainly groups and other criminals. “
According to Brett Callow, a threat analyst at anti-virus company Emsisoft, at least a quarter of ransomware attacks targeting businesses or other organizations begin with phishing attempts.
“I’m excited about Microsoft’s announcement,” Callow said. “On the other hand, cybercriminals will no longer be happy. Really, the change is long overdue. “
A Microsoft spokesperson said: “We are always working to improve security. “Our products now provide a warning to all customers asking them to click before running macros from the internet. This new feature goes even further with an extra step to protect customers in everyday situations. The company declined to say specifically why it is taking this step now and not doing it sooner.
The answer may have to do with a tension between the needs of Microsoft’s large, macro-dependent customers and the desire to prevent macro-related attacks once and for all. In Windows 10 and 11, a feature called Microsoft Defender Application Guard made it much more difficult for attackers to gain meaningful access from what had previously been macro-related attacks. success. But Application Guard is primarily intended for enterprise devices, and many consumer Windows computers are still don’t support it. And in general, the vast universe of old and outdated Windows devices continues to ship without advanced protections.
