wonderfully unique software solutions

Diverse file exploits isolated in HP-Bromium threat report for Q4

Hackers and other malicious actors could be increasingly targeting diverse files and applications, according to HP-Bromium’s threat intelligence report.

HP-Bromium’s report for Q4 2020 found threat actors moving from attacking Word documents to target spreadsheets and executable formats including EXE, XLS and XLSM, as well as messaging apps and the usual barrage of phishing emails, ransomware and trojans.

“The most effective execution techniques involved old technologies such as Excel 4.0 macros that often offer limited visibility to detection tools,” according to HP-Bromium.

“The most frequent exploit, accounting for nearly three-quarters of all exploits, was of CVE-2017-11882, a memory corruption vulnerability in Microsoft Office’s Equation Editor.”

Other common vulnerabilities and exploits included those related to remote coding or access, obfuscated files or information, and executions via application programming interfaces (APIs) — including a 12% increase in malware that exploits Microsoft Word and WordPad remote code execution vulnerability CVE-2017-0199.

“Of the threats stopped by HP Sure Click in Q4 2020, 29% were not known by hash to antivirus scanning engines when they were isolated, suggesting a high degree of sample novelty due to widespread use of packers and polymorphic and metamorphic obfuscation techniques,” writes HP-Bromium.

“On average, it took 8.8 days for samples to become known by hash to other antivirus engines.”

The number of Dridex malicious spam samples isolated surged 239% in the quarter, making it the second-most common crimeware family after phishing-focused Emotet. Dridex was originally a banking trojan but today tends to be ransomware, propagated via malicious Excel spreadsheets that download it from remote web servers.

HP Threat Research also identified a malware campaign relying on misspelled domains of popular instant messaging services; users were redirected to RigEK landing pages that included FickerStealer malware exploits of web browser and plugin vulnerabilities.

FickerStealer is a family of information-stealing malware that emerged in October 2020 on Russian-language underground forums. Its capabilities include stealing sensitive information such as passwords, browser autocomplete forms and cryptocurrency wallets,” according to HP-Bromium.

( Photo by KOBU Agency on Unsplash )

Recent Articles

How remote connectivity can empower education – with RealVNC

Simplified classroom management, effective communication, and cost-effectiveness are desirable in education institutions from schools to universities, with digital solutions for distributed learning...

ShareGate answers questions on Copilot and M365 sprawl

Microsoft 365 (M365) with Copilot broadens and deepens capabilities that can enhance productivity in multiple ways but can also increase sprawl and...

Steel company deployed CoreView to head off potential delays post-acquisition

When integrating M&A driven expansion, Italian steel processing firm Marcegaglia implemented CoreView to minimise potential account migration problems from confusion to data...

Delinea meets ransomware comeback with acquisitions, further innovation

Cybercriminals appear to have doubled down on ransomware attacks again in the year, with a stealthier approach evident as well as a...

SCORM compliance and why it matters for e-learning

Learning management systems (LMS) and e-training content that comply with the Shareable Content Object Reference Model (SCORM) help ensure consistency across corporate...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox