Threat report finds that stealthy techniques and growing Excel malware campaigns are top trends

Published: Tuesday, 01 February 2022 10:51

HP Inc. has released its latest global HP Wolf Security Threat Insights Report, providing analysis of real-world cyber security attacks. By isolating threats that have evaded detection tools and made it to user endpoints, HP Wolf Security has specific insight into the latest techniques being used by cybercriminals.

The HP Wolf Security threat research team identified a wave of attacks using Excel add-in files to spread malware, helping attackers gain access to targets and exposing businesses to data theft and destructive ransomware attacks. There was a huge six-fold increase (+588 percent) in attackers using malicious Microsoft Excel add-in (.xll) files to infect systems compared to the previous quarter, a technique found to be particularly dangerous because it requires only one click to run the malware. The team also found adverts for .xll dropper and malware builder kits on underground markets, which make it easier for inexperienced attackers to launch campaigns.

Additionally, a recent QakBot spam campaign used Excel files to trick targets, using compromised email accounts to hijack email threads and reply with an attached malicious Excel (.xlsb) file. After being delivered to systems, QakBot injects itself into legitimate Windows processes to evade detection. Malicious Excel (.xls) files were also used to spread the Ursnif banking Trojan to Italian-speaking businesses and public sector organizations through a malicious spam campaign, with attackers posing as Italian courier service BRT. New campaigns spreading Emotet malware are now also using Excel instead of JavaScript or Word files.

Other key findings in the report include:

Read the report.