wonderfully unique software solutions

Diverse file exploits isolated in HP-Bromium threat report for Q4

Hackers and other malicious actors could be increasingly targeting diverse files and applications, according to HP-Bromium’s threat intelligence report.

HP-Bromium’s report for Q4 2020 found threat actors moving from attacking Word documents to target spreadsheets and executable formats including EXE, XLS and XLSM, as well as messaging apps and the usual barrage of phishing emails, ransomware and trojans.

“The most effective execution techniques involved old technologies such as Excel 4.0 macros that often offer limited visibility to detection tools,” according to HP-Bromium.

“The most frequent exploit, accounting for nearly three-quarters of all exploits, was of CVE-2017-11882, a memory corruption vulnerability in Microsoft Office’s Equation Editor.”

Other common vulnerabilities and exploits included those related to remote coding or access, obfuscated files or information, and executions via application programming interfaces (APIs) — including a 12% increase in malware that exploits Microsoft Word and WordPad remote code execution vulnerability CVE-2017-0199.

“Of the threats stopped by HP Sure Click in Q4 2020, 29% were not known by hash to antivirus scanning engines when they were isolated, suggesting a high degree of sample novelty due to widespread use of packers and polymorphic and metamorphic obfuscation techniques,” writes HP-Bromium.

“On average, it took 8.8 days for samples to become known by hash to other antivirus engines.”

The number of Dridex malicious spam samples isolated surged 239% in the quarter, making it the second-most common crimeware family after phishing-focused Emotet. Dridex was originally a banking trojan but today tends to be ransomware, propagated via malicious Excel spreadsheets that download it from remote web servers.

HP Threat Research also identified a malware campaign relying on misspelled domains of popular instant messaging services; users were redirected to RigEK landing pages that included FickerStealer malware exploits of web browser and plugin vulnerabilities.

FickerStealer is a family of information-stealing malware that emerged in October 2020 on Russian-language underground forums. Its capabilities include stealing sensitive information such as passwords, browser autocomplete forms and cryptocurrency wallets,” according to HP-Bromium.

( Photo by KOBU Agency on Unsplash )

Recent Articles

TeamViewer teams up with SAP for industrial AR applications

Remote-connectivity provider TeamViewer has announced a partnership that will include integration of its augmented-reality (AR) software with enterprise SAP to enable remote...

Hitachi takes finger vein biometrics to Africa with iPulse partnership

Hitachi Security Business Group has inked a channel partner deal with South Africa's iPulse Systems to distribute Hitachi's VeinID biometrics kit across...

Expanding smartphone use makes mobile web critical: BrowserStack

Smartphone sales are continuing to soar globally with user numbers forecast to keep rising for the next four years -- highlighting a...

Credential theft and insider attacks commonplace in last 12 months, says ThycoticCentrify

Around half of US respondents to a small ThycoticCentrify poll indicate either that privileged credentials were stolen from their organisation or that...

SmartBear looks to pan-European expansion via QBS distribution

Ireland-headquartered testing software firm SmartBear has sealed a deal with distributor QBS to target Europe and UK growth via the latter's expanding...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox