The HP Wolf Security Threat Insights Report for the third quarter (Q3 2022) claims that 44% of malware was delivered inside archive files, an 11% rise on the previous quarter. By comparison, 32% of malware was delivered via Office files such as Microsoft Word, Excel, and PowerPoint during the same period.
HP says it sourced the data from millions of endpoints running HP Wolf Security.
HP identifies new cyberattack campaigns
The report also identified campaigns that combined archive files with new HTML smuggling techniques to launch attacks. In this approach, cybercriminals embed malicious archive files inside HTML files to bypass email gateways.
The report notes that the recent QakBot and IcedID campaigns used HTML files to direct users to fake online document viewers masquerading as Adobe. When users downloaded the ZIP file, they were instructed to unpack it by entering a password, and malware was deployed onto their PCs.
Because the malware inside the original HTML file is encoded and encrypted, detection by email gateways or other security tools becomes difficult, the report explained.
“Archives are easy to encrypt, helping threat actors to conceal malware and evade web proxies, sandboxes, or email scanners. This makes attacks difficult to detect, especially when combined with HTML smuggling techniques. What was interesting with the QakBot and IcedID campaigns was the effort put into creating the fake pages – these campaigns were more convincing than what we’ve seen before, making it hard for people to know what files they can and can’t trust,” said Alex Holland, Senior Malware Analyst, HP Wolf Security threat research team at HP Inc.
HP says it identified another campaign in which attackers change the payload (spyware, ransomware, keylogger) mid-campaign, and even introduce new features depending on the target they have breached.