wonderfully unique software solutions

Diverse file exploits isolated in HP-Bromium threat report for Q4

Hackers and other malicious actors could be increasingly targeting diverse files and applications, according to HP-Bromium’s threat intelligence report.

HP-Bromium’s report for Q4 2020 found threat actors moving from attacking Word documents to target spreadsheets and executable formats including EXE, XLS and XLSM, as well as messaging apps and the usual barrage of phishing emails, ransomware and trojans.

“The most effective execution techniques involved old technologies such as Excel 4.0 macros that often offer limited visibility to detection tools,” according to HP-Bromium.

“The most frequent exploit, accounting for nearly three-quarters of all exploits, was of CVE-2017-11882, a memory corruption vulnerability in Microsoft Office’s Equation Editor.”

Other common vulnerabilities and exploits included those related to remote coding or access, obfuscated files or information, and executions via application programming interfaces (APIs) — including a 12% increase in malware that exploits Microsoft Word and WordPad remote code execution vulnerability CVE-2017-0199.

“Of the threats stopped by HP Sure Click in Q4 2020, 29% were not known by hash to antivirus scanning engines when they were isolated, suggesting a high degree of sample novelty due to widespread use of packers and polymorphic and metamorphic obfuscation techniques,” writes HP-Bromium.

“On average, it took 8.8 days for samples to become known by hash to other antivirus engines.”

The number of Dridex malicious spam samples isolated surged 239% in the quarter, making it the second-most common crimeware family after phishing-focused Emotet. Dridex was originally a banking trojan but today tends to be ransomware, propagated via malicious Excel spreadsheets that download it from remote web servers.

HP Threat Research also identified a malware campaign relying on misspelled domains of popular instant messaging services; users were redirected to RigEK landing pages that included FickerStealer malware exploits of web browser and plugin vulnerabilities.

FickerStealer is a family of information-stealing malware that emerged in October 2020 on Russian-language underground forums. Its capabilities include stealing sensitive information such as passwords, browser autocomplete forms and cryptocurrency wallets,” according to HP-Bromium.

( Photo by KOBU Agency on Unsplash )

Recent Articles

HR workflows take off with DocuSign eSignature at United Airlines

An airline with some 87,000 employees to manage has streamlined human resources (HR) management and processes with e-signature software from DocuSign.

Foxit expands AI integration and distribution of its PDF editor suites

PDF editing software vendor Foxit has expanded its generative-AI integration for PDF as well as announcing a new software licensing agreement and...

TeamViewer Tensor supports remote workers at commodities firm

Asset management consultancy Hartree Partners adopted TeamViewer Tensor as a key tool in the scaling of its remote business operations, covering some...

On-the-job learning engagement rates highly in Vyond/TalentLMS survey

Insufficient on-the-job training may be a deal-breaker for many staff when it comes to whether to leave their employer, a vendor survey...

JetBrains TeamCity eases CI/CD admin for devops teams

Dev tools company JetBrains has released Terraform Provider for TeamCity with a view to improving systems administration capabilities for CI/CD projects.

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox