Did you know that nearly 15% of email-borne malware bypasses an email gateway scanner?
That malware isolated inside archives recently rose by 11%?
Or that email remains the top threat vector, representing nearly 70% of instances?
That’s all according to the HP Wolf Security Threat Insight Report for Q2 2022, issued earlier this month. The report is based on information shared anonymously by HP’s customers from April to June, then analyzed by the company’s security experts.
Here are some of the report’s other top findings:
> Slow patching: A zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) URL protocol was detected in April, but not patched until mid-June, nearly 65 days later.
The vulnerability, later dubbed “Follina,” wasn’t even a surprise. It had first been reported in Aug. 2020.
> Risky spreadsheets: One of the top file types for delivering malware across all vectors in Q2 was the plain old spreadsheet (see chart below, courtesy of HP Wolf Security). The most popular spreadsheet lures were business transactions.
> VIP invitations, beware: Tell your customers to think twice before opening an emailed VIP invitation that arrives out of the blue.
In Q2, a campaign spread malicious Microsoft Word docs by masquerading as VIP invitations to the Expo 2023 Doha, Qatar. The Word doc was an innocent-looking .docx file, but when opened it triggered malicious code.
> Fake delivery notices: If you or your customers receive a delivery notice for a delivery you don’t remember ordering, be careful.
HP Wolf says fake delivery notifications were one of the most popular lures spotted in Q2. One imitated emailed notices from Israel Post; the attachment contained malicious HTML code.
> Macro-free malware: Cybersecurity is an arms race. This past February, Microsoft announced that, as a security measure, Office will automatically disable macros in documents downloaded from the web.
Well, by Q2, threat actors had already responded. They began to experiment with alternative, macro-free execution techniques.
One example involved the Emotet malware, which had previously been distributed mainly via email attachments. In April, threat actors tested delivering the malware through shortcut (.lnk) files rather than Office documents.
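As an added example (not code from the report or from HP), here is a small attachment-policy check in Python that opens zip attachments in memory and walks them recursively, so a shortcut (.lnk) or HTML lure packed inside an archive is flagged instead of slipping past a scanner that only looks at the outer file. The extension list, the nesting limit and the sample archive are all constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Hypothetical policy: extensions tied to the Q2 2022 lures in the report
# (.lnk for macro-free delivery, .html for fake delivery notices) plus a few
# other script-like types; archives are opened and inspected recursively.
RISKY_EXTENSIONS = {".lnk", ".html", ".htm", ".js", ".vbs", ".iso"}
ARCHIVE_EXTENSIONS = {".zip"}
MAX_DEPTH = 3  # refuse to descend further than this many nested archives

def inspect_attachment(name, data, depth=0):
    """Return a list of (path, reason) findings for one attachment, walking
    zip archives in memory so nested risky files are found as well."""
    findings = []
    ext = PurePosixPath(name).suffix.lower()
    if ext in RISKY_EXTENSIONS:
        findings.append((name, f"risky extension {ext}"))
    if ext in ARCHIVE_EXTENSIONS:
        if depth >= MAX_DEPTH:
            findings.append((name, "archive nesting too deep"))
            return findings
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    inner = f"{name}/{info.filename}"
                    if info.flag_bits & 0x1:  # bit 0 = encrypted member
                        findings.append((inner, "encrypted member (cannot scan)"))
                        continue
                    findings.extend(inspect_attachment(inner, zf.read(info), depth + 1))
        except zipfile.BadZipFile:
            findings.append((name, "archive could not be parsed"))
    return findings

def build_sample_zip():
    # Constructed sample: an outer zip carrying a shortcut file, a harmless
    # text file and a nested zip that hides an HTML lure one level down.
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("delivery_notice.html", "<html><!-- constructed, inert --></html>")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice_2022.lnk", b"constructed placeholder bytes, not a real shortcut")
        z.writestr("readme.txt", "plain text, not flagged")
        z.writestr("notice.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for path, reason in inspect_attachment("attachment.zip", build_sample_zip()):
        print(f"{path}: {reason}")
```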