These are the file types most likely to be hiding malware
The dreaded Office file has finally been dethroned
For the first time in three years, Microsoft Office files are no longer the most common file type for malware distribution. That’s according to HP Wolf Security’s latest Threat Insights Report for Q3 2022.
Analyzing data from “millions of endpoints” running its cybersecurity solution, HP concluded that archive files (.ZIP and .RAR files, for example) surpassed Office files to become the most common way to distribute malware.
In fact, 44% of all malware delivered in Q3 2022 used this format, up 11% on Q2. Office files, on the other hand, accounted for 32% of all malware distributions.
Bypassing protections
HP also found that archive files were usually combined with HTML smuggling, a technique in which cybercriminals embed a malicious archive inside an HTML file so that it reaches the victim without being detected by email security solutions.
“Archives are easy to encrypt, helping threat actors to conceal malware and evade web proxies, sandboxes, or email scanners,” said Alex Holland, Senior Malware Analyst for the HP Wolf Security threat research team.
“This makes attacks difficult to detect, especially when combined with HTML smuggling techniques.”
Holland used the recent QakBot and IceID campaigns as examples. In these campaigns, HTML files were used to direct victims to fake online document viewers, with victims being encouraged to open a .ZIP file and unlock it with a password. Doing so would infect their endpoints with malware.
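The pattern the report describes has two detectable parts: an archive carried as text inside an HTML file, and (when the attacker wants to defeat scanners) a password-protected archive, which a ZIP file advertises via the “encrypted” bit in each entry’s local file header. The following Python script is an added example, not code from HP or from the article, of a heuristic a mail or web gateway could apply to an incoming HTML attachment: it finds long base64 runs, decodes them, checks for ZIP/RAR/7z magic bytes, walks the ZIP headers to see whether any entry is marked encrypted, and looks for the browser primitives that reassemble the file client-side. The sample page it scans is constructed inline; the archive inside it holds only a placeholder text file, and the encrypted bit is set by hand to mimic a password-protected entry rather than by actually encrypting anything.

```python
import base64
import binascii
import io
import re
import struct
import zipfile

# Magic numbers of the archive formats the report singles out (ZIP, RAR) plus 7z.
ARCHIVE_MAGIC = {
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
}

# A long run of base64 characters is the usual carrier for an embedded file.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")

# Browser primitives used to turn a text blob back into a file. Harmless on
# their own; combined with an embedded archive they are a strong signal.
JS_MARKERS = ("atob(", "new Blob(", "createObjectURL(", "msSaveOrOpenBlob(")


def zip_entries_encrypted(data: bytes) -> list:
    """Walk the ZIP local file headers and return, per entry, whether bit 0 of
    the general-purpose flag (the 'encrypted' bit) is set. Entries written with
    data descriptors (flag bit 3, compressed size 0 in the header) end the walk
    early; that is acceptable for a first-pass heuristic."""
    flags = []
    off = 0
    while data[off:off + 4] == b"PK\x03\x04":
        # sig(4) ver(2) flag(2) method(2) time(2) date(2) crc(4) csize(4) usize(4) nlen(2) xlen(2)
        hdr = struct.unpack("<IHHHHHIIIHH", data[off:off + 30])
        flag, csize, nlen, xlen = hdr[2], hdr[7], hdr[9], hdr[10]
        flags.append(bool(flag & 0x1))
        off += 30 + nlen + xlen + csize
    return flags


def find_smuggled_archives(html: str) -> list:
    """Decode every long base64 run and report those that start with an archive magic."""
    findings = []
    for m in B64_RUN.finditer(html):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
        except (ValueError, binascii.Error):
            continue
        for magic, kind in ARCHIVE_MAGIC.items():
            if raw.startswith(magic):
                info = {"kind": kind, "offset": m.start(), "size": len(raw)}
                if kind == "zip":
                    enc = zip_entries_encrypted(raw)
                    info["entries"] = len(enc)
                    info["encrypted"] = any(enc)
                findings.append(info)
    return findings


def scan(html: str) -> dict:
    """Flag a page that both embeds an archive and carries the JavaScript
    needed to materialise it client-side."""
    archives = find_smuggled_archives(html)
    markers = [m for m in JS_MARKERS if m in html]
    return {
        "archives": archives,
        "js_markers": markers,
        "suspicious": bool(archives) and bool(markers),
    }


def build_sample_html(encrypted: bool) -> str:
    """Constructed sample input: a fake 'document viewer' page carrying a base64
    ZIP. The archive holds only a placeholder text file; with encrypted=True the
    encrypted bit of the first local header is set by hand to mimic a
    password-protected entry (the bytes themselves are not encrypted)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.txt", "constructed placeholder content\n" * 8)
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= 0x01  # low byte of the flag field in the first local file header
    b64 = base64.b64encode(bytes(data)).decode()
    return (
        "<html><body><p>Loading your document, please wait...</p>\n"
        "<script>\n"
        f"var b = atob('{b64}');\n"
        "var blob = new Blob([b]);\n"
        "</script></body></html>\n"
    )


if __name__ == "__main__":
    for enc in (True, False):
        print(scan(build_sample_html(encrypted=enc)))
```

The encrypted bit is the cheap signal here: a gateway that cannot inspect an archive’s contents can still refuse or quarantine one whose entries are flagged encrypted, which is exactly the case Holland describes where the victim is asked to unlock a .ZIP with a password. Real-world pages will also split or obfuscate the blob; extending the decoder to reassemble string fragments before matching is the natural next step.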
“What was interesting with the QakBot and IceID campaigns was the effort put into creating the fake pages – these campaigns were more convincing than what we’ve seen before, making it hard for people to know what files they can and can’t trust,” Holland added.
HP has also said that cybercriminals evolved their tactics to develop “complex campaigns” with a modular infection chain.
This allows them to switch up the type of malware delivered mid-campaign, depending on the situation. Crooks could deliver spyware, ransomware, or infostealers, all using the same infection tactics.
The best way to protect against these attacks, the researchers say, is to adopt a Zero Trust approach to security.
“By following the Zero Trust principle of fine-grained isolation, organizations can use micro-virtualization to make sure potentially malicious tasks – like clicking on links or opening malicious attachments – are executed in a disposable virtual machine separated from the underlying systems,” explains Dr Ian Pratt, Global Head of Security for Personal Systems at HP.
“This process is completely invisible to the user, and traps any malware hidden within, making sure attackers have no access to sensitive data and preventing them from gaining access and moving laterally.”
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.