Thursday, February 2, 2023

HP says these two common file types are most used by hackers

Archive file formats such as ZIP and RAR were the most common file type for delivering malware and launching cyber attacks, a new report has said. It also notes that this is the first time in three years that this method has surpassed Office files as a mode for disseminating malware.
The HP Wolf Security Threat Insights Report for the third quarter (Q3 2022) claims that 44% of malware was delivered inside archive files, registering an 11% rise on the previous quarter. In comparison, 32% of malware was delivered through Office files such as Microsoft Word, Excel, and PowerPoint during the same time period.
HP says it sourced data from millions of endpoints running HP Wolf Security.
HP identifies new cyber attack campaigns
The report also identified campaigns that combined the use of archive files with new HTML smuggling techniques to launch attacks. In this technique, cybercriminals embed malicious archive files into HTML files to bypass email gateways.
The report mentions that the recent QakBot and IceID campaigns used HTML files to direct users to fake online document viewers masquerading as Adobe. When users downloaded the ZIP file, they were instructed to unpack the file by entering a password, and malware was deployed onto their PCs.
Because the malware within the original HTML file is encoded and encrypted, detection by email gateways or other security tools becomes difficult, the report explained.
“Archives are easy to encrypt, helping threat actors to conceal malware and evade web proxies, sandboxes, or email scanners. This makes attacks difficult to detect, especially when combined with HTML smuggling techniques. What was interesting with the QakBot and IceID campaigns was the effort put in to creating the fake pages – these campaigns were more convincing than what we’ve seen before, making it hard for people to know what files they can and can’t trust,” said Alex Holland, Senior Malware Analyst, HP Wolf Security threat research team at HP Inc.
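For defenders, a gateway-side check for the HTML smuggling delivery described above can look like the following added example, which is not from the HP report: it decodes long base64 runs in an HTML attachment, looks for ZIP or RAR magic bytes, and reads the ZIP encryption flag. The function names, the 64-character threshold and the sample attachments are assumptions constructed for illustration, and the check covers only a payload stored as one plain base64 string.

```python
import base64
import binascii
import io
import re
import struct
import zipfile

# Magic bytes of the archive formats named in the report.
ARCHIVE_MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar"}
# Assumed threshold: base64 runs of 64+ characters are worth decoding.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")

def zip_first_entry_encrypted(blob):
    """Bit 0 of the general-purpose flag (offset 6 of the local header) marks encryption."""
    if len(blob) < 8:
        return False
    (flags,) = struct.unpack_from("<H", blob, 6)
    return bool(flags & 0x1)

def find_embedded_archives(html):
    """Return (format, encrypted, size) for each base64 run that decodes to an archive."""
    findings = []
    for match in B64_RUN.finditer(html):
        run = match.group(0).rstrip("=")
        try:
            blob = base64.b64decode(run + "=" * (-len(run) % 4))
        except binascii.Error:
            continue  # not decodable base64, ignore
        for magic, fmt in ARCHIVE_MAGIC.items():
            if blob.startswith(magic):
                # Encryption flag is only parsed for ZIP here; RAR reports None.
                encrypted = zip_first_entry_encrypted(blob) if fmt == "zip" else None
                findings.append((fmt, encrypted, len(blob)))
    return findings

def constructed_samples():
    """Constructed HTML attachments: a ZIP header with the encryption bit set, and a plain ZIP."""
    name = b"sample.txt"
    header = struct.pack("<4sHHHHHIIIHH", b"PK\x03\x04", 20, 0x1, 0, 0, 0, 0, 20, 20, len(name), 0)
    flagged = base64.b64encode(header + name + b"\x00" * 20).decode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.txt", "constructed test content")
    plain = base64.b64encode(buf.getvalue()).decode()
    page = '<html><script>var d = "{}";</script><p>Open the viewer</p></html>'
    return page.format(flagged), page.format(plain)

if __name__ == "__main__":
    for html in constructed_samples():
        print(find_embedded_archives(html))
```

An HTML attachment that carries an archive at all is unusual in normal mail, so a hit is a reasonable quarantine signal even when the encryption flag is clear.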
HP says it identified another campaign in which cyber attackers change the payload (spyware, ransomware, keylogger) mid-campaign, or even introduce new features depending on the target they’ve breached.
