Emotet rockets into pole posit

PALO ALTO, Calif., May 12, 2022 (GLOBE NEWSWIRE) — HP Inc. (: HPQ) today announced that the HP Wolf Security threat research team has identified a 27-fold increase in detections resulting from Emotet malicious spam campaigns in Q1 2022, compared to Q4 2021 – when Emotet first made its reappearance. The latest global HP Wolf Security Threat Insights Report – which provides analysis of real-world cybersecurity attacks – shows that Emotet has bolted up 36 places to become the most common malware family detected this quarter (representing 9% of all malware captured). One of these campaigns – which was targeted at Japanese organizations and involved email thread hijacking to trick recipients into infecting their PCs – was largely responsible for an 879% increase in .XLSM (Microsoft Excel) malware samples captured compared to the previous quarter.

By isolating threats that have evaded detection tools and made it to user endpoints, HP Wolf Security has specific insight into the latest techniques being used by cybercriminals. Notable examples include:

  • Stealthy alternatives to malicious Microsoft Office documents growing popular, as macros start being phased out: As Microsoft has begun disabling macros, HP has seen a rise in non-Office-based formats, including malicious Java Archive files (+476%) and JavaScript files (+42%) compared to last quarter. Such attacks are harder for organizations to defend against because detection rates for these file types are often low, increasing the chance of infection.
  • Signs indicate HTML smuggling on the rise: The median file size of HTML threats grew from 3KB to 12KB, suggesting a rise in the use of HTML smuggling, a technique where cybercriminals embed malware directly into HTML files to bypass email gateways and evade detection, before gaining access and stealing critical financial information. Recent campaigns were seen targeting Latin American and African banks.
  • “Two for One” malware campaign leads to multiple RAT infections: A Visual Basic script attack was found being used to kick start a kill chain resulting in multiple infections on the same device, giving attackers persistent access to victims’ systems with VW0rm, NjRAT and…
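The HTML smuggling observation above (median HTML threat size rising from 3KB to 12KB, payloads embedded directly in the HTML file) lends itself to a simple mail-gateway triage check. The script below is an added example written for this page; it is not HP Wolf Security's code or signatures. It scores an HTML attachment on heuristics that are assumptions of this example: the presence of browser APIs used to reconstruct and save a file client-side, a long inline base64 literal, and an attachment size at or above the report's 12KB median. The three HTML samples are constructed inline so the script runs offline; the "payload" in the suspicious sample is a labelled placeholder string, not real content.

```python
import base64
import re
from dataclasses import dataclass

# Heuristic indicators for client-side file reconstruction in HTML (assumed list,
# chosen for this example; weights are arbitrary starting points for tuning).
INDICATORS = {
    "atob(": 2,                  # base64 decode in the browser
    "new Blob(": 2,              # build a file object from decoded bytes
    "URL.createObjectURL(": 2,   # turn the Blob into a downloadable link
    "msSaveOrOpenBlob": 2,       # legacy IE/Edge equivalent
    "Uint8Array": 1,             # typed array often used to hold decoded bytes
    "download=": 1,              # anchor attribute that forces a save dialog
}
# A single run of 200+ base64 characters; short literals are ignored.
BASE64_RE = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")
SIZE_THRESHOLD = 12 * 1024  # bytes; the report's Q1 2022 median HTML threat size
ALERT_SCORE = 5             # assumed cut-off for flagging


@dataclass
class Verdict:
    score: int
    size_bytes: int
    hits: list
    blob_lengths: list
    suspicious: bool


def analyze_html(html: str) -> Verdict:
    """Score an HTML attachment for HTML-smuggling traits (heuristic, not proof)."""
    hits = [token for token in INDICATORS if token in html]
    score = sum(INDICATORS[token] for token in hits)

    blob_lengths = [len(m.group(0)) for m in BASE64_RE.finditer(html)]
    if blob_lengths:
        score += 3  # a long base64 literal on its own is NOT enough to alert

    size_bytes = len(html.encode("utf-8"))
    if size_bytes >= SIZE_THRESHOLD:
        score += 1

    return Verdict(score, size_bytes, hits, blob_lengths, score >= ALERT_SCORE)


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


# Constructed samples (not real attachments).
BENIGN_HTML = """<html><body>
<h1>Quarterly newsletter</h1>
<script>document.title = "Newsletter";</script>
</body></html>"""

# Legitimate mail often carries an inline base64 image: long literal, no file-building APIs.
INLINE_IMAGE_HTML = (
    '<html><body><img src="data:image/png;base64,'
    + _b64(b"\x89PNG constructed image bytes " * 10)
    + '"></body></html>'
)

# Smuggling-style page: decodes an embedded literal and reconstructs a file client-side.
# The literal is a placeholder string, not a payload.
SUSPICIOUS_HTML = (
    "<html><body><script>\n"
    'var b = atob("' + _b64(b"constructed placeholder, not a real payload " * 8) + '");\n'
    "var blob = new Blob([b]);\n"
    "var url = URL.createObjectURL(blob);\n"
    "</script></body></html>"
)


if __name__ == "__main__":
    for name, sample in [("benign", BENIGN_HTML),
                         ("inline-image", INLINE_IMAGE_HTML),
                         ("suspicious", SUSPICIOUS_HTML)]:
        v = analyze_html(sample)
        print(f"{name:13s} score={v.score:2d} size={v.size_bytes:5d}B "
              f"hits={v.hits} blobs={v.blob_lengths} suspicious={v.suspicious}")
```

The inline-image sample shows why the base64 check is weighted below the alert threshold on its own: newsletters and signatures routinely embed images as data URIs, so the score only crosses the line when a long literal is combined with the APIs that turn decoded bytes into a saved file. In a real gateway the weights and threshold would be tuned against your own mail corpus, and a flagged attachment would be detonated or isolated rather than blocked outright on this score alone.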