Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office

Threat actors are finding their way around Microsoft’s default blocking of macros in its Office suite, using alternative files to host malicious payloads now that a primary channel for threat delivery is being cut off, researchers have found. The use of macro-enabled attachments by threat actors decreased about 66 percent between October 2021 and June 2022, according to new data from Proofpoint revealed in a blog post Thursday. The beginning of the decrease coincided with Microsoft’s plan to start blocking XL4 macros by default for Excel users, followed up with the blocking of VBA macros by default across the Office suite this year. Threat actors, demonstrating their typical resilience, so far appear undaunted by the move, which marks “one of the largest email threat landscape shifts in recent history,” researchers Selena Larson, Daniel Blackford and others on the Proofpoint Threat Research Team said in a post.