Proofpoint threat analysts have been tracking and analysing malicious macro campaigns dominating the threat landscape since last October. These campaigns have mainly targeted organisations in North America, more specifically the United States.
Dridex actors seemed to be shifting targets to Europe, one example being a campaign aimed at Poland. Proofpoint researchers also found a sudden, enormous increase in activity targeting French organisations. They warned that it could be the start of continuous attack.
This was indeed the case. After two weeks of continuous attacks, threat actors continue to target French organisations with more sophisticated later repetitions of these malicious macro campaigns. The campaigns are extraordinary because they include many of the latest adaptations that have been added over several months to US-targeted campaigns. French organisations that have had minimal exposure to these threats now face their most sophisticated and effective versions. The results can be seen in the high infection rates.
To learn more about this new formation of malicious macros and how to fight them, read the Proofpoint research paper, “The Cybercrime Economics of Malicious Macros.”