Science and Tech

44% of malware is distributed via ZIP files, which surpass Office files as the most malicious

ZIP files are the most common for malware distribution according to a study by HP Wolf Security.


ZIP files are the most common for malware distribution according to a study by HP Wolf Security.

Dec. 20 (Portaltic/EP) –

44 percent of malware distributed during the third quarter of this year has been found inside ZIP and RAR archiveswhich have become the most common files for the distribution of this type of malicious ‘software’, to the point that they have exceeded the number of attacks carried out through Office files for the first time in three years, according to a report by HP Wolf Security.

The study, conducted by the US technology company HP, has been based on the data collected from devices running the HP Wolf Security solution. As a result, they have identified attack campaigns that combine the use of compressed files with new HTML smuggling techniques.

To carry out these attacks, cybercriminals embed malicious compressed files in other HTML, so that circumvent security solutions provided in emailas well as the proxy or sandbox, as HP has reported in a statement.

Thus, the Attacks through compressed files are consolidated as the most common malware distribution (44 percent), that is, 11 percent more than in the previous quarter. Based on it, exceeds the distribution of malicious content to through Office files such as Microsoft Word, Excel and Power Point (32 percent).

Until now, virus distribution via Office files was the most common method, but for the first time in three yearsmore malware distributions have been identified through ZIP and RAR files.

An example of campaigns of this style are those of QakBot and IceIDin which cybercriminals used HTML files to direct users to fake ‘online’ document viewers posing as an Adobe program. After opening the document, users were required to click on the ZIP file and enter a password in order to unzip the files. By doing so, the malware was deployed on their computers.

To carry out the attack, the cybercriminal uses social engineering to deceive the user by means of the creating a compelling website and well designed. In fact, to gain your trust, these scammers use fake google drive pages, as stated in this report.

In this regard, the principal malware analyst of the HP Wolf Security threat research team, Alex Holland, He has insisted that what is interesting about the QakBot and IceID campaigns has been the effort made to create the fake pages. “These campaigns were more compelling than any we’d seen before.which makes it difficult for people to know which files they can trust and which ones they can’t,” he said.

On the other hand, HP has also pointed out in this study that it came to identify a attack campaign that works by using a modular infection chain. These types of attacks have complex charactergiven that allows attackers to change attack method based on target that you have broken or introduce new features while it is running.

Thus, cybercriminals could attack with spyware to share user information with an external entity, or switch to ransomware and hijack user data, depending on their target. In addition, they can introduce new features such as geo-fencing, whose technology uses the location provided by GPS and data usage from a mobile device.

Likewise, the company has pointed out that, by not introducing the malware directly into the attachment sent to the target, it is more difficult to detect this type of attack.

HP WOLF SECURITY

What solution to these attacksthe Global Head of Security for Personal Systems at HP, Ian Pratt, proposes the use of Zero Trust application isolation technology used by HP Wolf Security.

This technology execute risky tasks, such as opening email attachments, downloading files, and clicking links, on isolated microvirtual machines (micro-VMs). In this way, it protects users by capturing detailed traces of attack attempts.

“Organizations can use microvirtualization to ensure that potentially malicious tasks, such as clicking on links or opening malicious attachments, run on a disposable virtual machine separate from the underlying systems,” has indicated.

This process is “completely invisible to the user” and allows the system to catch “any malware hidden inside, ensuring that attackers do not have access to sensitive data and preventing them from accessing and moving laterally,” explained Ian Pratt.

With this technology, HP isolates threats on computers that have eluded detection tools. Thus, HP Wolf Security has specific insight into the latest techniques used by cybercriminals. These data indicate that, to date, HP customers have clicked on more than 18 billion email attachmentsweb pages and files downloaded without any violations being registered.

Source link