wonderfully unique software solutions

Diverse file exploits isolated in HP-Bromium threat report for Q4

Hackers and other malicious actors could be increasingly targeting diverse files and applications, according to HP-Bromium’s threat intelligence report.

HP-Bromium’s report for Q4 2020 found threat actors moving from attacking Word documents to target spreadsheets and executable formats including EXE, XLS and XLSM, as well as messaging apps and the usual barrage of phishing emails, ransomware and trojans.

“The most effective execution techniques involved old technologies such as Excel 4.0 macros that often offer limited visibility to detection tools,” according to HP-Bromium.

“The most frequent exploit, accounting for nearly three-quarters of all exploits, was of CVE-2017-11882, a memory corruption vulnerability in Microsoft Office’s Equation Editor.”

Other common vulnerabilities and exploits included those related to remote coding or access, obfuscated files or information, and executions via application programming interfaces (APIs) — including a 12% increase in malware that exploits Microsoft Word and WordPad remote code execution vulnerability CVE-2017-0199.

“Of the threats stopped by HP Sure Click in Q4 2020, 29% were not known by hash to antivirus scanning engines when they were isolated, suggesting a high degree of sample novelty due to widespread use of packers and polymorphic and metamorphic obfuscation techniques,” writes HP-Bromium.

“On average, it took 8.8 days for samples to become known by hash to other antivirus engines.”

The number of Dridex malicious spam samples isolated surged 239% in the quarter, making it the second-most common crimeware family after phishing-focused Emotet. Dridex was originally a banking trojan but today tends to be ransomware, propagated via malicious Excel spreadsheets that download it from remote web servers.

HP Threat Research also identified a malware campaign relying on misspelled domains of popular instant messaging services; users were redirected to RigEK landing pages that included FickerStealer malware exploits of web browser and plugin vulnerabilities.

FickerStealer is a family of information-stealing malware that emerged in October 2020 on Russian-language underground forums. Its capabilities include stealing sensitive information such as passwords, browser autocomplete forms and cryptocurrency wallets,” according to HP-Bromium.

( Photo by KOBU Agency on Unsplash )

Recent Articles

JFrog gets jump on Defense and threat intelligence designation

Developer tools company JFrog has achieved US Defense security certification for its Artifactory and Xray products, ahead of authorisation for its greater...

LastPass by LogMeIn polishes up password manager for consumers and business

LastPass has announced a slew of enhancements to its password manager software, including account recovery, save-and-fill, and onboarding improvements.

TeamViewer to deliver AR on Google Glass for the enterprise

Germany-based TeamViewer and Google Cloud have agreed a deal for the remote connectivity platform vendor to provide its enterprise-focused augmented reality (AR)...

Upgrading to Windows 11? Don’t forget your backup and PC check

Microsoft might be heavily promoting its latest operating system, Windows 11, everywhere online -- but perhaps don't rush to upgrade unless the...

Foxit adds to e-signature capabilities, acquiring eSign Genie

PDF editing software vendor Foxit has purchased an e-documentation rival, eSign Genie, for an undisclosed amount. Phil Lee, chief...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox