Emotet Takes Malware Top Position in Q1 2022 – Online Portal by IT Management

Written by insideindyhomes

HP Inc. presents the results of the HP Wolf Security Threat Insights Report for the first quarter of 2022. Compared to the fourth quarter of 2021, the research team found a 27 percent increase in threats from malicious Emotet spam campaigns, in the quarter in which Emotet first appeared.

The latest global HP Wolf Security Threat Insights Report – which includes analysis of real-world cybersecurity attacks – shows that Emotet moved up 36 spots in the threat ranking. This makes it one of the most frequently detected malware families this quarter, accounting for nine percent of all detected malware cases. A large-scale attack campaign targeted Japanese companies and used email thread hijacking to infect recipients’ PCs. The campaign was largely responsible for an 879 percent increase in captured .XLSM (Microsoft Excel) malware samples compared to the previous quarter.

HP Wolf Security isolates threats that have gone undetected by detection engines and made their way to user endpoints. This enables specific insights into the latest techniques used by cyber criminals. Examples include, but are not limited to:

Camouflaged alternatives to malicious Microsoft Office documents are gaining popularity as Microsoft increasingly disables macros. In line with this, HP is seeing a rise in non-Office-based formats, including malicious Java archive files (+476 percent) and JavaScript files (+42 percent), compared to the previous quarter. Such attacks are more difficult for companies to defend against.

HTML smuggling is on the rise: The average file size of HTML threats increased from 3 KB to 12 KB, indicating an increase in HTML smuggling. With this technique, cybercriminals embed malware directly into HTML files, allowing them to bypass email gateways and avoid detection before gaining access and stealing important data. Recent campaigns have targeted Latin American and African banks.
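The three building blocks that HTML smuggling relies on (a large embedded payload, client-side decoding, and a call that turns the decoded bytes into a file) can be scored in a mail-gateway triage step. The following is an added example in Python, not HP's code or part of the report; the indicator names, regular expressions, the two-indicator threshold and the constructed sample attachments are all assumptions.

```python
import base64
import re
from dataclasses import dataclass, field

# Heuristic triage for HTML email attachments (added example, not HP's code).
# Each smuggling building block is scored separately so that a benign page that
# merely carries one inline base64 image is not flagged on its own.
BLOB_RE = re.compile(r"[A-Za-z0-9+/]{400,}={0,2}")            # long base64 run
DECODER_RE = re.compile(r"\b(atob|decodeURIComponent|fromCharCode|charCodeAt)\s*\(", re.I)
DROPPER_RE = re.compile(r"new\s+Blob\s*\(|createObjectURL\s*\(|msSaveOrOpenBlob|\.download\s*=", re.I)


@dataclass
class Verdict:
    name: str
    size_bytes: int
    indicators: list = field(default_factory=list)
    suspicious: bool = False


def triage_html(name: str, html: str) -> Verdict:
    """Return which smuggling building blocks appear; two or more is suspicious."""
    found = []
    for label, pattern in (("embedded-blob", BLOB_RE),
                           ("client-side-decoder", DECODER_RE),
                           ("file-drop", DROPPER_RE)):
        if pattern.search(html):
            found.append(label)
    return Verdict(name, len(html.encode()), found, len(found) >= 2)


# Constructed samples (assumption). The "payload" is 500 zero bytes, not malware.
_PAYLOAD = base64.b64encode(b"\x00" * 500).decode()
SMUGGLED = f"""<html><body><script>
var b = atob("{_PAYLOAD}");
var a = document.createElement("a");
a.href = URL.createObjectURL(new Blob([b]));
a.download = "invoice.zip";
</script></body></html>"""
BENIGN = f'<html><body><img src="data:image/png;base64,{_PAYLOAD}"><p>Newsletter</p></body></html>'

if __name__ == "__main__":
    for name, doc in (("invoice.html", SMUGGLED), ("news.html", BENIGN)):
        v = triage_html(name, doc)
        print(name, v.size_bytes, "bytes", v.indicators, "suspicious" if v.suspicious else "ok")
```

The size field is reported alongside the verdict so that the 3 KB to 12 KB growth the report describes can be tracked per attachment over time.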

“Two for One” malware campaign results in multiple RAT (Remote Access Trojan) infections: An attack that used a Visual Basic script to start the kill chain led to multiple infections on the same device and gave attackers persistent access to victims’ systems via VW0rm, NjRAT and AsyncRAT.

“Q1 data shows that this is by far the largest activity we’ve seen from Emotet since the malware family first emerged in early 2021 – a clear sign that their operators are regrouping, building their strength back and investing in the growth of the botnet. Emotet was once described by CISA as one of the most destructive and costly malware to fix. Its operators often collaborate with ransomware groups – a pattern that is likely to continue. So their re-emergence is bad news for businesses and the public sector alike,” said Alex Holland, Senior Malware Analyst, HP Wolf Security Threat Research Team, HP Inc implementing macro shutdowns in April, or simply because people still have macros enabled and can be tricked into clicking the wrong thing.”

The study results are based on data from millions of endpoints running HP Wolf Security. HP Wolf Security detects malware by opening risky tasks in isolated micro-virtual machines (micro-VMs), which protects users; in addition, the entire chain of infection can be traced and recorded. Threats that other security tools do not detect are defused in this way. To date, HP customers have clicked on more than 18 billion email attachments, web pages and downloads without a breach being reported. The data offers unique insights into how threat actors use malware.

Other key findings from the report include:

  • Nine percent of threats were undetected at the time of isolation. 14 percent of quarantined email malware bypassed at least one email gateway scanner.
  • On average, it took over three days (79 hours) for other security tools to find them.
  • Office file formats accounted for 45 percent of the malware quarantined by HP Wolf Security.
  • The threats used 545 different malware families in their attempts to infect organizations – with Emotet, AgentTesla and Nemucod being the top three.
  • An exploit for the Microsoft Equation Editor (CVE-2017-11882) accounted for 18 percent of all malicious patterns detected.
  • 69 percent of the detected malware was distributed via email, 18 percent was via web downloads. The most common attachments used to distribute malware were spreadsheets (33 percent), executable files and scripts (29 percent), archives (22 percent), and documents (11 percent).
  • The most common phishing lures were business transactions such as “order”, “payment”, “purchase”, “enquiry” and “invoice”.

“During the quarter, we saw a significant 27 percent increase in threats detected by HP Wolf Security. Cyber criminals regularly adapt their methods to changes in the IT landscape. For this reason, the scope and variety of attacks continue to increase – making it increasingly difficult for conventional tools to detect attacks,” says Dr. Ian Pratt, Global Head of Security Personal Systems, HP Inc. “With the proliferation of alternative file types and detection evasion techniques, organizations need to change course and adopt a multi-layered approach to endpoint security. Applying the principle of least privilege and isolating the most common threat vectors – email, browsers and downloads – renders malware delivered through those vectors harmless. This significantly reduces the risk of cyber threats for companies.”

Data was collected anonymously using HP Wolf Security customers’ VMs from January to March 2022.

www.hp.com
