wonderfully unique software solutions

Diverse file exploits isolated in HP-Bromium threat report for Q4

Hackers and other malicious actors could be increasingly targeting diverse files and applications, according to HP-Bromium’s threat intelligence report.

HP-Bromium’s report for Q4 2020 found threat actors moving from attacking Word documents to target spreadsheets and executable formats including EXE, XLS and XLSM, as well as messaging apps and the usual barrage of phishing emails, ransomware and trojans.

“The most effective execution techniques involved old technologies such as Excel 4.0 macros that often offer limited visibility to detection tools,” according to HP-Bromium.

“The most frequent exploit, accounting for nearly three-quarters of all exploits, was of CVE-2017-11882, a memory corruption vulnerability in Microsoft Office’s Equation Editor.”

Other common vulnerabilities and exploits included those related to remote coding or access, obfuscated files or information, and executions via application programming interfaces (APIs) — including a 12% increase in malware that exploits Microsoft Word and WordPad remote code execution vulnerability CVE-2017-0199.

“Of the threats stopped by HP Sure Click in Q4 2020, 29% were not known by hash to antivirus scanning engines when they were isolated, suggesting a high degree of sample novelty due to widespread use of packers and polymorphic and metamorphic obfuscation techniques,” writes HP-Bromium.

“On average, it took 8.8 days for samples to become known by hash to other antivirus engines.”

The number of Dridex malicious spam samples isolated surged 239% in the quarter, making it the second-most common crimeware family after phishing-focused Emotet. Dridex was originally a banking trojan but today tends to be ransomware, propagated via malicious Excel spreadsheets that download it from remote web servers.

HP Threat Research also identified a malware campaign relying on misspelled domains of popular instant messaging services; users were redirected to RigEK landing pages that included FickerStealer malware exploits of web browser and plugin vulnerabilities.

FickerStealer is a family of information-stealing malware that emerged in October 2020 on Russian-language underground forums. Its capabilities include stealing sensitive information such as passwords, browser autocomplete forms and cryptocurrency wallets,” according to HP-Bromium.

( Photo by KOBU Agency on Unsplash )

Recent Articles

Access to edtech one of four keys to schooling success

A survey by learning management system (LMS) vendor Instructure has confirmed four socio-economic factors as critical when it comes to the learning...

People still rely on myths about password security, warns Keeper

Popular misconceptions around passwords and their security could be holding workers back from achieving correct password hygiene for a solid cybersecurity posture,...

Stormshield partners deliver cybersecurity with sovereignty for ministry of defence

A decade of a national defence ministry's collaboration with Europe-based cybersecurity provider Stormshield has delivered cybersecurity improvements, without adding risk of information...

Octopus Deploy deprecates Server authentication, certifies with HashiCorp

Devops-focused config management company Octopus Deploy has rounded off November with a trio of updates -- affecting Octopus Server developers, HashiCorp Vault...

SolarWinds and HCL expand enterprise AI for IT ops partnership

Infrastructure applications vendor SolarWinds and HCL Software are expanding their work together delivering enterprise AI and ITops management offerings.

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox