Attackers Are Developing and Using Entire New Breeds Of Malware

What’s in the report?

• To develop new malware, attackers were seen leveraging malware kits such as APOMacroSploit, which are now available at a price tag of $50.
• The widespread use of packers and obfuscation methods (DOSfuscation in Emotet downloaders) is also the reason behind malicious codes staying undetected for long.
• Around 88% of threats were propagated via email, and it took a total of nine days on average for AV engines to detect their hash. The remaining 12% of threats were propagated via web downloads. 
• Fake invoice attachments were used as the most common lure.
• Trojans accounted for 66% of malware in that period, mostly driven by spam campaigns spreading Dridex.

Additional trends and threats

• The most frequently exploited vulnerability turns out to be the Microsoft Office vulnerability CVE-2017-11882, which is accountable for three-quarters of detections.
• A 12% increase was observed in the number of malware exploiting the old Microsoft Word bug CVE-2017-0199, identified as the second most exploited vulnerability.
• Attacker switched from Word document malware to spreadsheet and executable formats ( EXE, XLS, XLSM).
• The most effective execution technique was Excel 4.0 macros that usually have limited visibility to detection tools.
• The most used techniques used by threats according to MITRE ATT&CK matrix were - Execution through Module Load, Obfuscated Files or Information, and Execution through API.

Conclusion