
Threat report finds that stealthy techniques and growing Excel malware campaigns are top trends

HP Inc. has released its latest global HP Wolf Security Threat Insights Report, providing analysis of real-world cyber security attacks. By isolating threats that have evaded detection tools and made it to user endpoints, HP Wolf Security has specific insight into the latest techniques being used by cybercriminals.

The HP Wolf Security threat research team identified a wave of attacks utilizing Excel add-in files to spread malware, helping attackers to gain access to targets, and exposing businesses to data theft and destructive ransomware attacks. There was a huge six-fold increase (+588 percent) in attackers using malicious Microsoft Excel add-in (.xll) files to infect systems compared to the previous quarter – a technique found to be particularly dangerous as it only requires one click to run the malware. The team also found adverts for .xll dropper and malware builder kits on underground markets, which make it easier for inexperienced attackers to launch campaigns. 

Additionally, a recent QakBot spam campaign used Excel files to trick targets, using compromised email accounts to hijack email threads and reply with an attached malicious Excel (.xlsb) file. After being delivered to systems, QakBot injects itself into legitimate Windows processes to evade detection. Malicious Excel (.xls) files were also used to spread the Ursnif banking Trojan to Italian-speaking businesses and public sector organizations through a malicious spam campaign, with attackers posing as Italian courier service BRT. New campaigns spreading Emotet malware are now using Excel instead of JavaScript or Word files too.
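The two preceding paragraphs describe one recurring pattern: the malicious payload arrives as an Excel attachment, and in the .xll case that attachment is native executable code rather than a document. The Python below is an added example, not code from HP Wolf Security or the report, showing the attachment triage a mail-security team can run on gateway events. It files attachments into the report's four categories (documents, archives, executables, spreadsheets), confirms the container format from magic bytes so that a file whose extension lies about its content is flagged, and deliberately treats .xll as executable because an Excel add-in is a Windows DLL that Excel loads when the file is opened. The filenames, byte samples, and risk levels are constructed for illustration.

```python
"""Attachment triage for mail-gateway events: classify by extension using the
report's four categories, confirm the container format from magic bytes, and
surface Excel add-ins (.xll) as executable code. Added example with constructed
samples; not code from the HP Wolf Security report."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Extension -> report category. An .xll is deliberately filed under
# "executable": it is a PE DLL that Excel loads and runs when opened.
EXTENSION_CATEGORY = {
    ".doc": "document", ".docx": "document", ".pdf": "document", ".rtf": "document",
    ".zip": "archive", ".7z": "archive", ".rar": "archive", ".iso": "archive",
    ".exe": "executable", ".dll": "executable", ".xll": "executable", ".js": "executable",
    ".xls": "spreadsheet", ".xlsx": "spreadsheet", ".xlsb": "spreadsheet", ".xlsm": "spreadsheet",
}

# Leading bytes of the container formats recognised here.
MAGIC = {
    b"MZ": "pe",                                   # Windows executable / DLL (.exe, .dll, .xll)
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole",   # legacy Office compound file (.xls, .doc)
    b"PK\x03\x04": "zip",                          # ZIP, including OOXML (.xlsx, .xlsb, .docx)
    b"%PDF": "pdf",
    b"{\\rtf": "rtf",
    b"Rar!": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
}

# Container each extension should have; a mismatch means the name lies about the content.
EXPECTED_CONTAINER = {
    ".exe": "pe", ".dll": "pe", ".xll": "pe",
    ".xls": "ole", ".doc": "ole",
    ".xlsx": "zip", ".xlsb": "zip", ".xlsm": "zip", ".docx": "zip", ".zip": "zip",
    ".pdf": "pdf", ".rtf": "rtf", ".rar": "rar", ".7z": "7z",
}


@dataclass
class Verdict:
    filename: str
    category: str
    container: Optional[str]
    risk: str      # "high", "medium" or "low"
    reason: str


def extension_of(filename: str) -> str:
    """Lower-cased final suffix, so 'Invoice.PDF.xll' is treated as .xll."""
    name = filename.strip().lower()
    return name[name.rfind("."):] if "." in name else ""


def sniff(content: bytes) -> Optional[str]:
    """Identify the container from its leading bytes, or None if unknown."""
    for prefix, kind in MAGIC.items():
        if content.startswith(prefix):
            return kind
    return None


def triage(filename: str, content: bytes) -> Verdict:
    """Assign a category and a risk level to one attachment."""
    ext = extension_of(filename)
    category = EXTENSION_CATEGORY.get(ext, "other")
    container = sniff(content)
    expected = EXPECTED_CONTAINER.get(ext)
    if expected is not None and container != expected:
        return Verdict(filename, category, container, "high",
                       f"content is {container or 'unknown'}, expected {expected} for {ext}")
    if ext == ".xll":
        return Verdict(filename, category, container, "high",
                       "Excel add-in: native DLL that runs when the workbook opens")
    if category == "executable":
        return Verdict(filename, category, container, "high", "executable attachment")
    if category in ("document", "spreadsheet", "archive"):
        return Verdict(filename, category, container, "medium",
                       "container or macro-capable format; sandbox before delivery")
    return Verdict(filename, category, container, "low", "no rule matched")


def summarize(verdicts: List[Verdict]) -> Dict[str, int]:
    """Count attachments per report category (documents, archives, executables, spreadsheets)."""
    counts: Dict[str, int] = {}
    for v in verdicts:
        counts[v.category] = counts.get(v.category, 0) + 1
    return counts


# Constructed sample attachments (name, leading bytes); lure names echo the report's list.
SAMPLES: List[Tuple[str, bytes]] = [
    ("Invoice_2022.xll", b"MZ\x90\x00" + b"\x00" * 60),          # add-in delivered as an attachment
    ("Order.xlsb", b"PK\x03\x04" + b"\x00" * 26),                # reply attachment in a hijacked thread
    ("Payment.xls", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24),
    ("Request.pdf", b"%PDF-1.7\n"),
    ("Purchase.xlsx", b"MZ\x90\x00" + b"\x00" * 60),             # name says spreadsheet, bytes say PE
    ("Archive.zip", b"PK\x03\x04" + b"\x00" * 26),
]

if __name__ == "__main__":
    results = [triage(name, data) for name, data in SAMPLES]
    for v in results:
        print(f"{v.risk:6} {v.category:11} {v.filename:18} {v.reason}")
    print(summarize(results))
```

The category is taken from the extension on purpose, so the summary lines up with how the report counts attachment types, while the risk verdict is driven by the bytes: the .xll is reported as executable even though it carries an Excel icon, and the spreadsheet-named file that is really a PE is escalated for the mismatch alone.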

Other key findings in the report include:

  • 13 percent of email malware isolated had bypassed at least one email gateway scanner.
  • Attackers used 136 different file extensions in their attempts to infect organizations.
  • 77 percent of malware detected was delivered via email, while web downloads were responsible for 13 percent.
  • The most common attachments used to deliver malware were documents (29 percent), archives (28 percent), executables (21 percent) and spreadsheets (20 percent).
  • The most common phishing lures were related to the New Year or business transactions such as ‘Order’, ‘2021/2022’, ‘Payment’, ‘Purchase’, ‘Request’ and ‘Invoice’.

Read the report.
