Cybercriminals take shortcuts to attack business PCs



Office macros have long been a favorite attack method for cybercriminals, but now that Microsoft has started blocking them by default, the bad guys have started to turn to other methods.


A new report from HP Wolf Security shows a shift to shortcut (LNK) files being used to deliver malware. Attackers often place shortcut files in ZIP email attachments, to help them evade email scanners.


The latest global HP Wolf Security Threat Insights Report shows an 11 percent rise in archive files containing malware, including LNK files. The team also spotted LNK malware builders available for purchase on hacker forums, making it easy for cybercriminals to shift to this 'macro-free' code execution technique by creating weaponized shortcut files and spreading them to businesses.

"As macros downloaded from the web become blocked by default in Office, we're keeping a close eye on alternative execution methods being tested out by cybercriminals. Opening a shortcut or HTML file may seem harmless to an employee but can result in a major risk to the enterprise," says Alex Holland, senior malware analyst on the HP Wolf Security threat research team. "Organizations must take steps now to protect against techniques increasingly favored by attackers or leave themselves exposed as they become pervasive. We'd recommend immediately blocking shortcut files received as email attachments or downloaded from the web where possible."
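One way a mail filter could check for shortcut files hidden in ZIP attachments, shown as an added example that is not from the HP Wolf Security report. It flags members by `.lnk` extension or by the Shell Link header, so a renamed shortcut is still caught, and it looks inside nested ZIPs; the function names, the depth limit and the size cap are assumptions, and the sample attachment is constructed.

```python
import io
import struct
import zipfile

# Shell Link header (MS-SHLLINK): HeaderSize 0x4C, then LinkCLSID
# 00021401-0000-0000-C000-000000000046 in little-endian GUID layout.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")
MAX_DEPTH = 3                  # assumed policy: how many nested archives to open
MAX_NESTED = 20 * 1024 * 1024  # assumed cap on bytes read from a nested archive


def find_lnk(data, depth=0, prefix=""):
    """Return member paths that are shortcut files, by name or by header."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    hits = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            named_lnk = info.filename.lower().endswith(".lnk")
            if info.flag_bits & 0x1:  # encrypted: only the name is visible
                if named_lnk:
                    hits.append(path)
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
                if named_lnk or head == LNK_MAGIC:
                    hits.append(path)
                elif head[:4] == b"PK\x03\x04" and depth < MAX_DEPTH:
                    nested = head + fh.read(MAX_NESTED)
                    hits += find_lnk(nested, depth + 1, path + "!")
    return hits


def build_sample():
    """Constructed test attachment: a renamed shortcut plus one in a nested ZIP."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Delivery.LNK", LNK_MAGIC + b"\x00" * 56)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("readme.txt", "constructed sample")
        z.writestr("scan.pdf", LNK_MAGIC + b"\x00" * 56)
        z.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()
```

A non-empty result from `find_lnk` is the signal to quarantine the attachment; password-protected members can only be judged by name, so a policy for encrypted archives is still needed alongside it.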


Other findings of the report include an increase in 'HTML smuggling', in which emails posing as regional post services or major events are used to get dangerous file types that would otherwise be blocked by email gateways into organizations.


The report is based on data from endpoints running HP Wolf Security. It finds that 14 percent of email malware captured bypassed at least one email gateway scanner. Threat actors used 593 different malware ..
