
Research Roundup: ransomware, phishing, malware via Excel


by Peter Krass on 02/01/2022
Blog Category: advanced-technologies

Financial-services companies are the top targets of ransomware. Fake invoices and other business documents are the top methods crooks use for phishing. And Excel is now being used to spread malware.

That’s from some of the latest research on cybersecurity. Here’s your tech provider’s roundup.

Ransomware’s Top Targets

Financial-services companies are the No. 1 target of ransomware attacks, according to Trellix. As bank robber Willie Sutton once quipped, “That’s where the money is.”

Trellix, a provider of extended detection and response systems, just released its January report on threat research, which actually examines trends from the third quarter of last year.

Here’s some of what the Trellix researchers noticed:

> Financial services received more than 1 in 5 of all ransomware attacks (22%). The same industry also received roughly a third (37%) of all advanced persistent threat (APT) detections.

> Ransomware group DarkSide has re-emerged with a new name, BlackMatter. DarkSide is the group responsible for the Colonial Pipeline attack, so this is a big deal.

> Cobalt Strike, an adversary simulation tool, is being used by nation-states to gain access to the networks of others.

Most Popular Forms of Phishing

You know ransomware mostly comes in via email phishing, but do you know which types of email messages are most likely to contain phishing tests?

Security firm KnowBe4 does. Here’s its recent list of the top-clicked phishing tests:

> Business (24%): Fake invoices, purchase orders, shared files, more

> Online services (19%): Shopping, entertainment, applications, etc.

> Human Relations (16%): Applications, surveys, etc. — typically has the word “HR” in the mailbox name

> IT (11%): Antivirus, email account inquiries, security notifications

> Banking & Finance (8%): Transactions, confirmations

> Other (22%): Including Covid-19 messages, mail notifications, holiday coupons, social networking

And here are some typical phishing email subject lines you might encounter, according to KnowBe4:

> “Password check required immediately”

> “Dress code changes”

> “Vacation policy update”

Malware via Excel? 

You have a new reason to hate Excel. Hackers are using Microsoft’s popular spreadsheet application to spread malware.

That’s according to a new threat insights report from HP Wolf Security.

HP found a huge quarter-to-quarter increase (+588%) in attackers using malicious Excel add-in (.xll) files to infect systems.

This technique is particularly dangerous because running the malware requires just one click.

The HP team also found ads for .xll dropper and malware builder kits on underground markets. These kits make it easier for inexperienced attackers to launch campaigns. 

HP also identified a recent QakBot spam campaign that involved using Excel files to trick targets. The campaign used compromised email accounts to hijack email threads and reply with an attached malicious Excel (.xlsb) file. After being delivered to systems, QakBot injects itself into legitimate Windows processes to evade detection.

HP has also seen malicious Excel (.xls) files being used to spread the Ursnif banking Trojan to Italian-speaking businesses and public-sector organizations through a malicious spam campaign. In a creepy move, the attackers posed as employees of an Italian courier service, BRT.

New campaigns spreading Emotet malware are now using Excel instead of JavaScript or Word files, too.
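For tech providers who want to screen inbound mail for the Excel formats HP describes, here is a small triage sketch. It is an added example, not code from HP or from this article; the function names, addresses and sample message are constructed for illustration, and the "MZ" header check relies on the fact that .xll add-ins are Windows DLLs.

```python
import email
from email import policy
from email.message import EmailMessage

# Excel formats named in the HP findings above, and where each one appeared.
RISKY_EXCEL = {
    ".xll": "Excel add-in, the one-click infection vector",
    ".xlsb": "binary workbook, attached in the QakBot thread-hijack replies",
    ".xls": "legacy workbook, used in the Ursnif spam campaign",
}

def triage(raw_message: bytes) -> list:
    """Return one finding per risky Excel attachment in a raw email message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    # Replies carry In-Reply-To or References; an Excel file arriving inside an
    # existing thread fits the hijacked-thread pattern and deserves priority.
    in_thread = bool(msg["In-Reply-To"] or msg["References"])
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
        data = part.get_payload(decode=True) or b""
        # XLL add-ins are Windows DLLs, so an "MZ" header on any Excel-named
        # file is flagged even when the extension itself looks harmless.
        pe_header = data[:2] == b"MZ"
        if ext in RISKY_EXCEL or (ext.startswith(".xl") and pe_header):
            findings.append({
                "filename": name,
                "reason": RISKY_EXCEL.get(ext, "Excel name with executable content"),
                "in_thread": in_thread,
                "pe_header": pe_header,
            })
    return findings

def constructed_sample() -> bytes:
    """Constructed test message: a reply carrying two Excel files and a PDF."""
    m = EmailMessage()
    m["From"] = "colleague@example.com"
    m["To"] = "target@example.com"
    m["Subject"] = "RE: Q4 invoice"
    m["In-Reply-To"] = "<constructed-id@example.com>"
    m.set_content("Please see the attached file.")
    for body, fname in [(b"MZ\x90\x00constructed", "report.xll"),
                        (b"PK\x03\x04constructed", "Invoice.XLSB"),
                        (b"%PDF-constructed", "notes.pdf")]:
        m.add_attachment(body, maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()
```

Findings with `in_thread` set are the ones to look at first, since a spreadsheet arriving as a reply in an existing conversation is the delivery pattern the QakBot campaign used.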

