A newly released threat report found that over a quarter (29%) of the threats identified in Q4 2020 had never been seen before. The telemetry behind the report was captured by HP Inc. from its micro-virtual-machine (micro-VM) isolation technology, which opens risky files inside disposable VMs so that malware can be observed and detected even when it slips past signature-based tools.
What’s in the report?
The Quarterly Threat Insights Report by HP Inc. was compiled from data collected between October and December 2020 from HP Sure Click micro-VMs running on customers' endpoints worldwide, and it reveals several notable trends in cyber attacks.
To produce new malware quickly, attackers were seen using off-the-shelf kits such as APOMacroSploit, a malicious macro builder now sold for as little as $50.
Widespread use of packers and obfuscation (for example DOSfuscation, a cmd.exe-level obfuscation technique, in Emotet downloaders) is another reason malicious code stays undetected for so long: the payload may be familiar, but every repackaged sample has a new hash and a different appearance to static scanners.
Around 88% of threats were delivered by email, and on average it took nine days before antivirus engines had a detection for a sample's hash; during that window a hash- or signature-based scanner will pass the file as clean. The remaining 12% of threats were delivered via web downloads.
Fake invoice attachments were the most common lure.
Trojans accounted for 66% of malware in the period, driven largely by spam campaigns spreading the Dridex banking trojan.
Additional trends and threats
The report highlighted several additional trends observed in Q4 2020.
The most frequently exploited vulnerability was the Microsoft Office Equation Editor bug CVE-2017-11882, which accounted for three-quarters of exploit detections.
Detections of malware exploiting the older Microsoft Office vulnerability CVE-2017-0199, which abuses OLE2Link objects to fetch and execute a remote payload, rose by 12%, making it the second most exploited vulnerability.
Attackers shifted away from Word documents toward spreadsheet and executable formats (EXE, XLS, XLSM).
The most effective execution technique was Excel 4.0 (XLM) macros. These legacy macro sheets predate VBA, can be marked hidden or "very hidden" inside the workbook, and are ignored by detection tools that only inspect the VBA project, so they tend to pass static analysis unnoticed.
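As an added, constructed example (not code from the HP report or from HP's tooling), the script below shows the kind of triage check that would surface such a file in an OOXML workbook (.xlsm). It builds a minimal workbook in memory containing a veryHidden Excel 4.0 macro sheet, an Auto_Open defined name pointing into it, and an EXEC() formula, then scans the package for exactly those indicators: macro sheet parts referenced from workbook.xml.rels, non-visible sheet states, auto-exec defined names, and risky XLM functions in cell formulas. The sample XML is deliberately simplified (a real .xlsm carries more parts, such as [Content_Types].xml) and the function list, the sample cells and the "suspicious" decision rule are this example's own assumptions; the namespace URIs, the xlMacrosheet relationship type and the sheet state attribute are standard OOXML.

```python
"""Added example (not from the HP report): triage an OOXML workbook for Excel 4.0 (XLM) macros.

A constructed .xlsm is built in memory and then scanned for the indicators a
detection script would look for: macro sheet parts, hidden / veryHidden sheets,
Auto_Open-style defined names, and risky XLM functions in cell formulas.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS_MAIN = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
NS_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
NS_PKG_REL = "http://schemas.openxmlformats.org/package/2006/relationships"
MACROSHEET_REL = NS_REL + "/xlMacrosheet"   # relationship type that marks an Excel 4.0 macro sheet part

# XLM functions commonly abused for execution, download or sandbox evasion (assumed list, extend as needed).
RISKY_FUNCS = {"EXEC", "CALL", "REGISTER", "FORMULA", "FORMULA.FILL", "RUN", "GET.WORKSPACE"}
_FUNC_RE = re.compile(r"\b([A-Z][A-Z.]*)\s*\(")


def _part_path(target: str) -> str:
    """Resolve a workbook.xml.rels Target (relative to xl/, or absolute) to a zip entry name."""
    return target.lstrip("/") if target.startswith("/") else "xl/" + target


def scan_workbook(data: bytes) -> dict:
    """Return XLM-related indicators found in an .xlsx/.xlsm byte string."""
    findings = {"macrosheets": [], "hidden_sheets": [], "auto_names": [], "risky_calls": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        if "xl/workbook.xml" not in names:
            return findings
        # 1. Which relationship ids point at Excel 4.0 macro sheet parts?
        rid_to_part = {}
        if "xl/_rels/workbook.xml.rels" in names:
            rels = ET.fromstring(z.read("xl/_rels/workbook.xml.rels"))
            for rel in rels.findall(f"{{{NS_PKG_REL}}}Relationship"):
                if rel.get("Type") == MACROSHEET_REL:
                    rid_to_part[rel.get("Id")] = _part_path(rel.get("Target", ""))
        # 2. Sheet list, visibility state and auto-exec defined names.
        wb = ET.fromstring(z.read("xl/workbook.xml"))
        for sheet in wb.iter(f"{{{NS_MAIN}}}sheet"):
            name, rid = sheet.get("name"), sheet.get(f"{{{NS_REL}}}id")
            state = sheet.get("state", "visible")      # visible | hidden | veryHidden
            if rid in rid_to_part:
                findings["macrosheets"].append((name, rid_to_part[rid], state))
            if state != "visible":
                findings["hidden_sheets"].append((name, state))
        for dn in wb.iter(f"{{{NS_MAIN}}}definedName"):
            dn_name = (dn.get("name") or "").lower()
            if dn_name.startswith("_xlnm."):          # built-in name prefix
                dn_name = dn_name[6:]
            if dn_name.startswith("auto_"):           # Auto_Open, Auto_Close, Auto_Activate, ...
                findings["auto_names"].append((dn.get("name"), dn.text))
        # 3. Risky functions in the formulas of each macro sheet.
        for sheet_name, part, _state in findings["macrosheets"]:
            if part not in names:
                continue
            for f in ET.fromstring(z.read(part)).iter(f"{{{NS_MAIN}}}f"):
                for func in _FUNC_RE.findall(f.text or ""):
                    if func in RISKY_FUNCS:
                        findings["risky_calls"].append((sheet_name, func, f.text))
    return findings


def is_suspicious(findings: dict) -> bool:
    """Triage decision (assumed rule): any risky call, or a macro sheet wired to an auto-exec name."""
    return bool(findings["risky_calls"]) or (bool(findings["macrosheets"]) and bool(findings["auto_names"]))


def build_sample_xlsm(with_macro: bool = True) -> bytes:
    """Constructed minimal workbook; with_macro adds a veryHidden XLM sheet run via Auto_Open."""
    sheet_el = '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>' if with_macro else ""
    names_el = ('<definedNames><definedName name="Auto_Open" hidden="1">Macro1!$A$1</definedName></definedNames>'
                if with_macro else "")
    rel_el = f'<Relationship Id="rId2" Type="{MACROSHEET_REL}" Target="macrosheets/sheet1.xml"/>' if with_macro else ""
    workbook = (f'<workbook xmlns="{NS_MAIN}" xmlns:r="{NS_REL}"><sheets>'
                f'<sheet name="Invoice" sheetId="1" r:id="rId1"/>{sheet_el}</sheets>{names_el}</workbook>')
    rels = (f'<Relationships xmlns="{NS_PKG_REL}">'
            f'<Relationship Id="rId1" Type="{NS_REL}/worksheet" Target="worksheets/sheet1.xml"/>{rel_el}'
            '</Relationships>')
    # Simplified macro sheet: A1 launches a process (harmless calc.exe stands in for a payload), A2 stops the macro.
    macrosheet = (f'<macrosheet xmlns="{NS_MAIN}"><sheetData>'
                  '<row r="1"><c r="A1"><f>EXEC("cmd.exe /c calc.exe")</f></c></row>'
                  '<row r="2"><c r="A2"><f>HALT()</f></c></row></sheetData></macrosheet>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("xl/workbook.xml", workbook)
        z.writestr("xl/_rels/workbook.xml.rels", rels)
        z.writestr("xl/worksheets/sheet1.xml", f'<worksheet xmlns="{NS_MAIN}"><sheetData/></worksheet>')
        if with_macro:
            z.writestr("xl/macrosheets/sheet1.xml", macrosheet)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("clean", build_sample_xlsm(False)), ("xlm", build_sample_xlsm(True))):
        found = scan_workbook(blob)
        print(f"{label}: suspicious={is_suspicious(found)} {found}")
```

Two caveats for real use: this only covers the OOXML container, so legacy binary .xls files (the XLS format the report also lists) need a BIFF/OLE parser such as the oletools suite instead, and formula strings in the wild are frequently split across cells and assembled at run time with FORMULA or CHAR(), so a single-cell function match is a starting indicator rather than a complete detector.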
Cybercriminals are experimenting with new delivery mechanisms and development tooling to stay under the radar, and the report shows that obfuscation and evasion techniques are working for them. Defenders should therefore keep up with current threats and attacker tradecraft, and should not rely on hash- or signature-based detection alone given the multi-day lag the report measured.