Quick News Bit

HP says these two common file types are most used by hackers – Times of India

Archive file formats such as ZIP and RAR were the most common file type for delivering malware and launching cyber attacks, a new report has said. It also notes that this is the first time in three years that this method has surpassed Office files as a mode for disseminating malware.
The HP Wolf Security Threat Insights Report for the third quarter (Q3 2022) claims that 44% of malware was delivered inside archive files, registering an 11% rise on the previous quarter. In comparison, 32% of malware was delivered through Office files such as Microsoft Word, Excel, and PowerPoint during the same time period.
HP says it sourced data from millions of endpoints running HP Wolf Security.
HP identifies new cyber attack campaigns
The report also identified campaigns that combined the use of archive files with new HTML smuggling techniques to launch attacks. In this technique, cybercriminals embed malicious archive files into HTML files to bypass email gateways.
The report mentions that the recent QakBot and IcedID campaigns used HTML files to direct users to fake online document viewers masquerading as Adobe. When users downloaded the ZIP file, they were instructed to unpack it by entering a password, and malware was then deployed onto their PCs.
Since the malware within the original HTML file is encoded and encrypted, detection by email gateway or other security tools becomes difficult, the report explained.
“Archives are easy to encrypt, helping threat actors to conceal malware and evade web proxies, sandboxes, or email scanners. This makes attacks difficult to detect, especially when combined with HTML smuggling techniques. What was interesting with the QakBot and IcedID campaigns was the effort put in to creating the fake pages – these campaigns were more convincing than what we’ve seen before, making it hard for people to know what files they can and can’t trust,” said Alex Holland, Senior Malware Analyst, HP Wolf Security threat research team at HP Inc.
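A defender-side check for the pattern described above, as an added example that is not from HP's report or the original article: it scans an HTML attachment for base64 blobs that decode to a ZIP archive and reports whether any entry has the encryption flag set. It assumes the archive is embedded as plain base64 (smuggling pages may use other encodings); the function names and the sample input are constructed for illustration.

```python
import base64
import io
import re
import zipfile

# Runs of base64 characters long enough to hold a file, not a short token.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")
ZIP_MAGIC = b"PK\x03\x04"   # local file header signature
ENCRYPTED = 0x1             # general purpose flag bit 0: entry is encrypted


def find_embedded_zips(html):
    """Return one finding per base64 blob in `html` that decodes to a ZIP."""
    findings = []
    for match in B64_RUN.finditer(html):
        try:
            raw = base64.b64decode(match.group(0), validate=True)
        except ValueError:
            continue  # not valid base64 (e.g. a long identifier)
        if not raw.startswith(ZIP_MAGIC):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(raw)) as zf:
                entries = zf.infolist()  # reads headers only, extracts nothing
        except zipfile.BadZipFile:
            continue
        findings.append({
            "offset": match.start(),
            "names": [e.filename for e in entries],
            "encrypted": any(e.flag_bits & ENCRYPTED for e in entries),
        })
    return findings


def build_sample_html(encrypted):
    """Constructed test input: an HTML page carrying a harmless ZIP as base64."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample, not malware")
    data = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted entries; set the flag bit by hand
        cd = data.index(b"PK\x01\x02")   # central directory file header
        data[cd + 8] |= ENCRYPTED        # flags field is at offset 8
    blob = base64.b64encode(bytes(data)).decode()
    return '<html><script>var f = atob("%s");</script></html>' % blob

if __name__ == "__main__":
    print([find_embedded_zips(build_sample_html(e)) for e in (False, True)])
```

A gateway that cannot open an encrypted archive can still use the `encrypted` result to quarantine or flag the HTML attachment for review.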
HP says it identified another campaign in which cyber attackers change the payload (spyware, ransomware, keylogger) mid-campaign, or even introduce new features depending on the target they have breached.
