Malware is increasingly bypassing at least one email gateway at organizations

An employee at a tech startup company works on his computer on the first day back in the office on March 24, 2021, in San Francisco. (Photo by Justin Sullivan/Getty Images)

As if the financial and payments industries required further confirmation that bad actors are outpacing most business network security in their sophistication, a new report found that there has been a growing spike in malware using “shortcuts” to get past email gateways and into stored data.

HP Inc.’s most recent HP Wolf Security Threat Insights Report, released Wednesday, reviewed the rise during the second quarter of this year in the spread of multiple malware families — including QakBot, IceID, Emotet, and RedLine Stealer — across several key sectors.

Not surprisingly, slick, experienced threat actors are shifting their focus more and more to so-called “shortcut” or LNK files to deliver their malware more quickly, the report noted. Perhaps more troubling, the research identified an 11% jump in the number of enterprises’ archive files that contained malware, including LNK files that attackers place inside compressed email attachments to evade email scanners.
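The evasion the report describes depends on a gateway scanning only the outer attachment and not the shortcut files packed inside it. The following is an added example, not code from HP or from the report, of what a defender-side attachment check looks like: it opens a zip attachment in memory, descends into nested archives, and flags any member that is a Windows shell link either by its name (including double extensions such as `.pdf.lnk`) or by the fixed 20-byte header every `.lnk` file starts with (so a renamed shortcut is still caught). The sample attachment is constructed inline; its “shortcut” members carry only that header plus zero padding and are not real shortcuts. The size cap and nesting limit are assumptions chosen for this example.

```python
import io
import zipfile

# Every Windows shell link (.lnk) begins with HeaderSize = 0x0000004C followed by
# the ShellLink CLSID {00021401-0000-0000-C000-000000000046} (little-endian fields).
LNK_MAGIC = bytes.fromhex("4c000000") + bytes.fromhex("0114020000000000c000000000000046")
ZIP_MAGIC = b"PK\x03\x04"
MAX_MEMBER_BYTES = 5 * 1024 * 1024   # assumption: refuse to inflate larger members (zip-bomb guard)
MAX_DEPTH = 3                        # assumption: how many nested archives to descend into


def is_lnk(data: bytes) -> bool:
    """True if the bytes carry the fixed shell-link header, whatever the file name says."""
    return data[:len(LNK_MAGIC)] == LNK_MAGIC


def scan_archive(blob: bytes, depth: int = 0, prefix: str = "") -> list:
    """Return (member_path, reason) tuples for members a gateway should block.

    reason is one of:
      'lnk-extension'  name ends in .lnk (covers double extensions like .pdf.lnk)
      'lnk-content'    shell-link header under a non-.lnk name (renamed shortcut)
      'oversized'      member not inflated because it exceeds MAX_MEMBER_BYTES
      'nested-limit'   nested archive not opened because MAX_DEPTH was reached
    """
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return findings          # not a zip (or corrupt); nothing to inspect here
    for info in zf.infolist():
        if info.is_dir():
            continue
        path = prefix + info.filename
        if info.file_size > MAX_MEMBER_BYTES:
            findings.append((path, "oversized"))
            continue
        data = zf.read(info)
        if info.filename.lower().endswith(".lnk"):
            findings.append((path, "lnk-extension"))
        elif is_lnk(data):
            findings.append((path, "lnk-content"))
        elif data.startswith(ZIP_MAGIC):
            # Nested archive: recurse so a shortcut two layers down is still seen.
            if depth + 1 >= MAX_DEPTH:
                findings.append((path, "nested-limit"))
            else:
                findings.extend(scan_archive(data, depth + 1, path + "/"))
    return findings


def _zip(members: dict) -> bytes:
    """Build an in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_attachment() -> bytes:
    """Constructed fixture shaped like the attachments the report describes.

    The 'shortcut' members are the 20-byte header padded to 0x4C bytes; they are
    not real shortcuts and do nothing if opened.
    """
    fake_lnk = LNK_MAGIC + b"\x00" * 56
    inner = _zip({"Statement.lnk": fake_lnk, "cover.txt": b"see attached"})
    return _zip({
        "Invoice_2022.pdf.lnk": fake_lnk,   # double extension, caught by name
        "notes.txt": b"nothing to see here",
        "report.dat": fake_lnk,             # renamed shortcut, caught by header
        "archive.zip": inner,               # nested archive, caught by recursion
    })


if __name__ == "__main__":
    for path, reason in scan_archive(build_sample_attachment()):
        print(f"{reason:14} {path}")
```

Checking the header as well as the extension matters because the extension is under the attacker's control, while the header is what Windows needs in order to treat the file as a shortcut at all. A production gateway would add the same two-pronged check for other archive formats and for OLE/Office containers, and would quarantine rather than merely report.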

Indeed, even in regulated industries known for protecting their internal security and privacy — like financial services — the report found that 14% of email-related malware discovered in companies’ systems had slipped past at least one email gateway security scan in the second quarter of 2022. Further, nearly 7 out of 10 (69%) malware payloads are delivered via email, compared with just 17% that originate from web downloads, according to HP’s findings.

Patrick Schläpfer, malware analyst at HP Inc., said that threat actors’ ability to sneak past ostensibly sophisticated security controls, like network email scanners, so frequently should be a wake-up call to many financial cyber experts.

“This indicates that malicious and stealthy email campaigns targeting employees across the finance and payments industries are reaching user inboxes and putting organizations at risk of attack,” he pointed out.

The number of malware families that were discovered has only bumped up a little — with 593 different…