Tag Archive for: Malware
Notorious botnet Emotet has held on to its spot as the most widely used malware, according to the latest Global Threat Index from Check Point Research (CPR).
The news comes despite a 50% drop in its global impact in July compared to June. CPR estimates that it affects 7% of organisations worldwide.
In addition, CPR warned that the botnet has added new features and capabilities, such as a newly developed credit card stealer module and adjustments to its spreading mechanisms.
Emotet’s popularity comes in spite of its previous ‘deletion’ from the internet. As part of a major police operation at the start of 2021, infrastructure used to deliver the botnet was seized and people accused of being behind it were arrested.
This led to an update being delivered to all infected machines to disable Emotet, and its command-and-control servers were shut down.
Authorities hoped that this would mean the end of one of the most prolific botnets in the world, estimated to be running on around one million devices globally.
However, it has resurged and regained its position as the top malware threat.
Other than Emotet, CPR identified several other movements in the global malware ecosystem in July.
Formbook is the second most prevalent form of malware, affecting 3% of organisations worldwide. First detected in 2016, this infostealer targets Windows, where it harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files.
Snake Keylogger, a credential stealer, fell from third to eighth place. The month before, it was being spread via malicious Word documents, so the decrease in its prevalence could be due in part to Microsoft’s recent confirmation that it will block macros by default.
Replacing it in third place is XMRig, open-source CPU mining software used to mine cryptocurrency – this indicates that cybercriminals are fundamentally ‘in it for the money’ despite any higher motivations they may claim, such as hacktivism.
Malibot, which was new to CPR’s report last month, remains a threat to users of mobile banking as it is still the third most prevalent mobile…
A wave of cybercriminals spreading malware families – including QakBot, IceID, Emotet, and RedLine Stealer – are shifting to shortcut (LNK) files for email malware delivery. Shortcuts are replacing Office macros – which are starting to be blocked by default in Office – as a way for attackers to get a foothold within networks by tricking users into infecting their PCs with malware.
Keeping up with changes in the email threat landscape
HP Wolf Security’s Q2 2022 Threat Insights Report – which provides analysis of real-world cyberattacks – shows an 11% rise in archive files containing malware, including LNK files. Attackers often place shortcut files in ZIP email attachments, to help them evade email scanners.
The team also spotted LNK malware builders available for purchase on hacker forums, making it easy for cybercriminals to shift to this “macro-free” code execution technique by creating weaponized shortcut files and spreading them to businesses.
“Organizations must take steps now to protect against techniques increasingly favored by attackers or leave themselves exposed as they become pervasive. We’d recommend immediately blocking shortcut files received as email attachments or downloaded from the web where possible,” says Alex Holland, Senior Malware Analyst, HP Wolf Security threat research team, HP Inc.
In addition to the increase in LNK files, the threat research team has highlighted the following malware delivery and detection evasion techniques employed by attackers:
HTML smuggling reaches critical mass – HP identified several phishing campaigns using emails posing as regional post services or major events like Doha Expo 2023 (which will attract 3M+ global attendees) that used HTML smuggling for malware delivery. Using this technique, dangerous file types that would otherwise be blocked by email gateways can be smuggled into organizations and lead to malware infections.
Attackers exploit the window of vulnerability created by the Follina CVE-2022-30190 zero-day vulnerability – Following its disclosure, multiple threat actors exploited the recent zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) – dubbed “(
As if the financial and payments industries required further confirmation that bad actors are outpacing most business network security in their sophistication, a new report found that there has been a growing spike in malware using “shortcuts” to get past email gateways and into stored data.
HP Inc.’s most recent HP Wolf Security Threat Insights Report, released Wednesday, reviewed the increasing rise in the second quarter of this year in the spread of multiple malware families — including QakBot, IceID, Emotet, and RedLine Stealer — across several key sectors.
Not surprisingly, slick, experienced threat actors are shifting their focus more and more to using so-called “shortcut” or LNK files to deliver their malware more quickly, the report noted. Perhaps more troubling, the research identified an 11% jump in the number of enterprises’ archive files that contained malware, including LNK files placed there by attackers via compressed email attachments to help them evade email scanners.
Indeed, even in regulated industries known for protecting their internal security and privacy — like financial services — the report found that 14% of email-related malware discovered in companies’ systems had slipped past at least one email gateway security scan in the second quarter of 2022. Further, nearly 7 out of 10 (69%) malware payloads are delivered via email, compared with just 17% that originate from web downloads, according to HP’s findings.
Patrick Schläpfer, malware analyst at HP Inc., said that threat actors’ capabilities to sneak past ostensibly sophisticated endpoint security, like network email scanners, so frequently should definitely provide a wake-up call to many financial cyber experts.
“This indicates that malicious and stealthy email campaigns targeting employees across the finance and payments industries are reaching user inboxes and putting organizations at risk of attack,” he pointed out.
The number of malware families that were discovered has only bumped up a little — with 593 different…