Threat report finds that stealthy techniques and growing Excel malware campaigns are top trends
- Published: Tuesday, 01 February 2022 10:51
HP Inc. has released its latest global HP Wolf Security Threat Insights Report, providing analysis of real-world cyber security attacks. By isolating threats that have evaded detection tools and made it to user endpoints, HP Wolf Security has specific insight into the latest techniques being used by cybercriminals.
The HP Wolf Security threat research team identified a wave of attacks utilizing Excel add-in files to spread malware, helping attackers to gain access to targets, and exposing businesses to data theft and destructive ransomware attacks. There was a huge six-fold increase (+588 percent) in attackers using malicious Microsoft Excel add-in (.xll) files to infect systems compared to the previous quarter – a technique found to be particularly dangerous as it only requires one click to run the malware. The team also found adverts for .xll dropper and malware builder kits on underground markets, which make it easier for inexperienced attackers to launch campaigns.
Other key findings in the report include:
- 13 percent of email malware isolated had bypassed at least one email gateway scanner.
- Attackers used 136 different file extensions in their attempts to infect organizations.
- 77 percent of malware detected was delivered via email, while web downloads were responsible for 13 percent.
- The most common attachments used to deliver malware were documents (29 percent), archives (28 percent), executables (21 percent), spreadsheets (20 percent).
- The most common phishing lures were related to the New Year or business transactions such as ‘Order’, ‘2021/2022’, ‘Payment’, ‘Purchase’, ‘Request’ and ‘Invoice’.