These are the most likely file types to contain malware

For the first time in three years, Microsoft Office files are no longer the most common file type for malware distribution. That’s according to the latest Threat Insights Report from HP Wolf Security for Q3 2022.
Analyzing data from “millions of endpoints” that run its cybersecurity solution, HP concluded that archive files (for example, .ZIP and .RAR files) have surpassed Office files and have become the most common way to distribute malware.
In fact, 44% of all malware shipped in Q3 2022 used this format, an 11% increase from Q2. Office files, on the other hand, accounted for 32% of all malware distributions.
Bypass protections
HP also found that archive files are usually combined with an HTML smuggling technique, where cybercriminals embed malicious archive files in HTML files to avoid being detected by email security solutions.
“Archives are easily encrypted, allowing threat actors to hide malware and bypass web proxies, sandboxes or email scanners,” said Alex Holland, Senior Malware Analyst for the HP Wolf Security threat research team.
“This makes attacks difficult to detect, especially when combined with HTML smuggling techniques.”
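The smuggling pattern described above, an archive carried as a base64 string inside an HTML attachment and encrypted so that its contents cannot be scanned, can be surfaced by a simple defender-side check. The following is an added example (not code from HP or the report): it builds a constructed sample HTML page carrying a hand-made ZIP local file header with the encryption flag set, then scans the HTML for base64 runs that decode to a ZIP and reports whether any entry is marked encrypted. The byte-level header layout follows the ZIP local file header specification; the base64 run length threshold and the sample file name are assumptions.

```python
import base64
import re
import struct

ZIP_LOCAL_SIG = b"PK\x03\x04"
LOCAL_HDR = "<4sHHHHHIIIHH"  # sig, ver, flags, method, time, date, crc, csize, usize, nlen, xlen
ENCRYPTED_FLAG = 0x0001      # general-purpose bit 0: entry is encrypted

def build_zip_entry(name: bytes, payload: bytes, encrypted: bool) -> bytes:
    """Constructed test data: one stored (uncompressed) ZIP entry, optionally flagged encrypted."""
    flags = ENCRYPTED_FLAG if encrypted else 0
    header = struct.pack(LOCAL_HDR, ZIP_LOCAL_SIG, 20, flags, 0, 0, 0,
                         0, len(payload), len(payload), len(name), 0)
    return header + name + payload

# Constructed sample (assumed name and dummy bytes), not a real campaign artifact.
SAMPLE_ZIP = build_zip_entry(b"document.bin", b"\x00" * 16, encrypted=True)
SAMPLE_HTML = (
    "<html><body><p>Loading document...</p><script>"
    'var blob = atob("' + base64.b64encode(SAMPLE_ZIP).decode() + '");'
    "</script></body></html>"
)

B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # assumed minimum length of 40 chars

def zip_entries(data: bytes):
    """Walk ZIP local file headers and return (name, is_encrypted) for each entry."""
    entries, pos = [], 0
    while data[pos:pos + 4] == ZIP_LOCAL_SIG:
        f = struct.unpack_from(LOCAL_HDR, data, pos)
        flags, csize, nlen, xlen = f[2], f[7], f[9], f[10]
        name = data[pos + 30:pos + 30 + nlen].decode("utf-8", "replace")
        entries.append((name, bool(flags & ENCRYPTED_FLAG)))
        pos += 30 + nlen + xlen + csize
    return entries

def find_smuggled_archives(html: str):
    """Report base64 runs in the HTML that decode to a ZIP, with their encryption status."""
    findings = []
    for m in B64_RUN.finditer(html):
        try:
            blob = base64.b64decode(m.group(0), validate=True)
        except ValueError:          # binascii.Error: not valid base64, skip
            continue
        if blob.startswith(ZIP_LOCAL_SIG):
            entries = zip_entries(blob)
            findings.append({"offset": m.start(), "entries": entries,
                             "encrypted": any(enc for _, enc in entries)})
    return findings

if __name__ == "__main__":
    print(find_smuggled_archives(SAMPLE_HTML))
```

An HTML attachment carrying an archive whose entries are flagged encrypted is exactly the case a content scanner cannot inspect, so that combination is the signal worth alerting on rather than the archive alone.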
Holland used the recent QakBot and IcedID campaigns as an example. In these campaigns, HTML files were used to direct victims to fake online document viewers, encouraging victims to open a .ZIP file and unlock it with a password. This would infect their endpoints with malware.
“What was interesting about the QakBot and IcedID campaigns was the effort that went into creating the fake pages – these campaigns were more persuasive than anything we’ve seen before, making it difficult for people to know which files they actually can and cannot trust,” Holland added.
HP also said that cybercriminals have evolved their tactics, building “complex campaigns” around a modular infection chain.
This allows them to switch between the type of malware delivered in the middle of the campaign depending on the situation. Scammers can deliver spyware, ransomware or infostealers, all using the same infection tactics.
The best way to protect against these attacks, the researchers say, is to adopt a Zero Trust approach to security.
“By following the Zero Trust principle of fine-grained isolation, organizations can use microvirtualization to ensure that potentially malicious tasks – such as clicking links or opening malicious attachments – are performed in a disposable virtual machine that is separate from the underlying systems,” explains Dr. Ian Pratt, Global Head of Security for Personal Systems at HP.
“This process is completely invisible to the user and traps any hidden malware, preventing attackers from accessing sensitive data and preventing them from gaining access and moving laterally.”