Malware attacks are here to stay and have a new target in their line of sight
- HP Wolf Security report highlights the latest methods and phishing lures that target employees and put businesses at risk
- According to HP Wolf Security, the number of archive files containing malware, such as LNK files, has increased by 11%
Threat actors harm people and organizations by using malicious software. Malware exists to exploit your device or personal information for the attacker's own gain, most often by stealing data such as online banking credentials. Occasionally, however, malware attacks amount to random acts of virtual violence, like a virus that simply wipes out your entire system.
Malware attacks are no joke. According to Tripwire, 82% of respondents to the surveys conducted by Cybersecurity Insiders and HelpSystems for their 2021 Malware report anticipate more ransomware and malware attacks, and 75% are certain that this threat will cause more problems for businesses over the course of the following year.
People have undoubtedly felt the increase in cyberattacks, and it appears that hackers are looking to take advantage of a fresh wave of cyber threats. A wave of cybercriminals propagating malware families, including QakBot, IcedID, Emotet, and RedLine Stealer, is switching to shortcut (LNK) files to deliver malware, according to HP Inc.’s latest release of its quarterly Threat Insights Report.
Office macros, which are increasingly being blocked by default in Office, are being replaced by shortcuts as a method for hackers to infiltrate networks by deceiving users into installing malware on their PCs. This access can be exploited to steal important company information or be sold to ransomware organizations, resulting in widespread breaches that could halt business operations and incur high remediation expenses.
Malware attacks “taking shortcuts”
According to the latest HP Wolf Security Threat Insights Report, which analyzes actual intrusions, there has been an 11% increase in the number of archive files containing malware, including LNK files. To avoid detection by email scanners, attackers frequently place shortcut files inside ZIP email attachments. The researchers discovered LNK malware builders for sale on hacker forums, which make it simple for cybercriminals to switch to this “macro-free” code execution method by building weaponized shortcut files and disseminating them across organizations.
As macros downloaded from the internet are now blocked by default in Office, Alex Holland, Senior Malware Analyst on the HP Wolf Security threat research team at HP Inc., said that the team has been closely monitoring the alternative execution techniques cybercriminals are testing out. Although opening a shortcut or HTML file can appear harmless to an employee, doing so poses a serious risk to the company.
“Organizations must take steps now to protect against techniques increasingly favored by attackers or leave themselves exposed as they become pervasive. We’d recommend immediately blocking shortcut files received as email attachments or downloaded from the web where possible,” added Holland.
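One way a mail gateway or attachment filter can act on Holland's recommendation is to look inside ZIP attachments for shortcut files, both by the .lnk extension and by the fixed Shell Link header (HeaderSize 0x4C followed by the LinkCLSID 00021401-0000-0000-C000-000000000046), so that a renamed shortcut is caught as well. This is an added example, not HP's or the report's code; the sample archive it scans is constructed inline.

```python
import io
import zipfile
from typing import List, Optional, Tuple

# Shell Link (.LNK) header: HeaderSize 0x0000004C little-endian, then the
# fixed LinkCLSID {00021401-0000-0000-C000-000000000046} in GUID byte order.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
SHORTCUT_EXTENSIONS = (".lnk",)


def classify_entry(name: str, head: bytes) -> Optional[str]:
    """Return why an archive entry looks like a Windows shortcut, or None."""
    if name.lower().endswith(SHORTCUT_EXTENSIONS):
        return "extension"
    if head[: len(LNK_MAGIC)] == LNK_MAGIC:
        return "magic"  # a shortcut renamed to disguise its file type
    return None


def find_shortcut_entries(zip_bytes: bytes) -> List[Tuple[str, str]]:
    """Scan an in-memory ZIP attachment and list entries that are LNK files."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))  # only the header is needed
            reason = classify_entry(info.filename, head)
            if reason:
                findings.append((info.filename, reason))
    return findings


def build_sample_attachment() -> bytes:
    """Constructed sample: a benign text file, an obvious .lnk, and a renamed .lnk.
    The shortcut bodies are just a 76-byte header of the right shape, not real links."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", b"quarterly figures\n")
        zf.writestr("invoice.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("notes.dat", LNK_MAGIC + b"\x00" * 56)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in find_shortcut_entries(build_sample_attachment()):
        print(f"block attachment: {name} ({reason})")
```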
HP Wolf Security has unique insight into the most recent methods employed by cybercriminals by isolating risks on PCs that have eluded detection technologies. The threat research team has highlighted the following observations this quarter in addition to the rise in LNK files:
- HTML smuggling – As predicted by HP, significant events like the Doha Expo 2023 (which will draw 3M+ attendees from around the world) were used in multiple phishing attempts that employed emails impersonating regional post services to spread malware.
- Exploiting the window of vulnerability – Multiple threat actors exploited the recently discovered “Follina” zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) to spread QakBot, Agent Tesla, and the Remcos RAT (Remote Access Trojan) before a patch was made available.
- The spread of SVCReady malware – The SVCReady malware family, which was recently discovered by HP, is unique for the peculiar method it uses to infect target PCs—shellcode that is concealed within the properties of Office documents.
Data from millions of endpoints running HP Wolf Security served as the foundation for these conclusions. To safeguard users and record specific details of attempted infections, HP Wolf Security performs risky actions, including opening email attachments, downloading files, and clicking links, inside isolated micro-virtual machines (micro-VMs).
Application isolation technology from HP reduces risks that can elude other security measures and offers distinctive insights into cutting-edge intrusion methods and threat actor behavior.