STOCK TITAN

Archive files “.ZIP past” Office docs as most common malicious file type for the first time

Rhea-AI Impact
(Low)
Rhea-AI Sentiment
(Negative)
Tags
Rhea-AI Summary

HP Wolf Security's report reveals critical insights into evolving cyber threats. The latest findings indicate that 44% of malware is delivered through archive files, surpassing Office files for the first time in three years. The report highlights increased use of HTML smuggling techniques alongside archive files to evade detection. Cybercriminals employed deceptive tactics, tricking users into executing malicious ZIP files. HP emphasizes the importance of adopting Zero Trust principles and micro-virtualization to enhance security against these sophisticated attacks.

Positive
  • 44% of malware delivered via archive files, indicating a strategic shift in cyberattack methods.
  • HP's application isolation technology has protected users without reported breaches after clicking on over 18 billion files.
Negative
  • The increased sophistication and frequency of malware attacks indicate a growing challenge for detection tools.

HP Wolf Security report shows powerful combination of archive files and HTML smuggling is helping threat actors hoodwink detection tools

PALO ALTO, Calif., Dec. 01, 2022 (GLOBE NEWSWIRE) -- HP Inc. (NYSE: HPQ) today issued its third quarter HP Wolf Security Threat Insights Report, finding that archive file formats – such as ZIP and RAR files – were the most common file type for delivering malware, surpassing Office files for the first time in three years. This report provides an analysis of real-world cyberattacks, helping organizations to keep up with the latest techniques cybercriminals use to evade detection and breach users in the fast-changing cybercrime landscape.

Based on data from millions of endpoints running HP Wolf Security, the research found 44% of malware was delivered inside archive files – an 11% rise on the previous quarter – compared to 32% delivered through Office files such as Microsoft Word, Excel, and PowerPoint.1

The report identified several campaigns that were combining the use of archive files with new HTML smuggling techniques – where cybercriminals embed malicious archive files into HTML files to bypass email gateways – to then launch attacks.

For example, recent QakBot and IceID campaigns used HTML files to direct users to fake online document viewers that were masquerading as Adobe. Users were then instructed to open a ZIP file and enter a password to unpack the files, which then deployed malware onto their PCs.

As the malware within the original HTML file is encoded and encrypted, detection by email gateway or other security tools is very difficult. Instead, the attacker relies on social engineering, creating a convincing and well-designed web page to fool people into initiating the attack by opening the malicious ZIP file. In October, the same attackers were also found using fake Google Drive pages in an ongoing effort to trick users into opening malicious ZIP files.

“Archives are easy to encrypt, helping threat actors to conceal malware and evade web proxies, sandboxes, or email scanners. This makes attacks difficult to detect, especially when combined with HTML smuggling techniques. What was interesting with the QakBot and IceID campaigns was the effort put in to creating the fake pages – these campaigns were more convincing than what we’ve seen before, making it hard for people to know what files they can and can’t trust,” explains Alex Holland, Senior Malware Analyst, HP Wolf Security threat research team, HP Inc.

HP also identified a complex campaign using a modular infection chain, which could potentially enable attackers to change the payload – such as spyware, ransomware, keylogger – mid-campaign, or to introduce new features, like geo-fencing. This could enable an attacker to change tactics depending on the target they have breached. By not including malware directly in the attachment sent to the target, it is also harder for email gateways to detect this type of attack.

“As shown, attackers are constantly switching up techniques, making it very difficult for detection tools to spot,” comments Dr Ian Pratt, Global Head of Security for Personal Systems, HP Inc. “By following the Zero Trust principle of fine-grained isolation, organizations can use micro-virtualization to make sure potentially malicious tasks – like clicking on links or opening malicious attachments – are executed in a disposable virtual machine separated from the underlying systems. This process is completely invisible to the user, and traps any malware hidden within, making sure attackers have no access to sensitive data and preventing them from gaining access and moving laterally.”

HP Wolf Security runs risky tasks like opening email attachments, downloading files and clicking links in isolated, micro-virtual machines (micro-VMs) to protect users, capturing detailed traces of attempted infections. HP’s application isolation technology mitigates threats that can slip past other security tools and provides unique insights into novel intrusion techniques and threat actor behavior. By isolating threats on PCs that have evaded detection tools, HP Wolf Security has specific insight into the latest techniques being used by cybercriminals. To date, HP customers have clicked on over 18 billion email attachments, web pages, and downloaded files with no reported breaches.

About the data

This data was anonymously gathered within HP Wolf Security customer virtual machines from July-September 2022.

About HP

HP Inc. is a technology company that believes one thoughtful idea has the power to change the world. Its product and service portfolio of personal systems, printers, and 3D printing solutions helps bring these ideas to life. Visit http://www.hp.com

About HP Wolf Security

HP Wolf Security is a new breed2 of endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services. Visit https://www.hp.com/uk-en/security/endpoint-security-solutions.html.

Vanessa Godsal
vgodsal@hp.com


1 As detailed in page 2 of the HP Wolf Security Q3 Threat Insights Report https://threatresearch.ext.hp.com/hp-wolf-security-threat-insights-report-q3-2022/

2 HP Security is now HP Wolf Security. Security features vary by platform, please see product data sheet for details.

©Copyright 2022 HP Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.


FAQ

What percentage of malware is delivered through archive files according to HPQ's latest report?

44% of malware is delivered through archive files, surpassing Office files for the first time in three years.

How does HP Wolf Security help protect against malware?

HP Wolf Security uses application isolation technology to run risky tasks in a disposable virtual machine, safeguarding sensitive data.

What is HTML smuggling in relation to HPQ's report?

HTML smuggling refers to cybercriminals embedding malicious files within HTML documents to bypass security measures and deliver malware.

What are the implications of the rise in archive files for malware delivery for companies?

The rise in archive file usage presents new challenges for companies to enhance their cybersecurity measures against evolving threats.

When was HPQ's Q3 Threat Insights Report released?

HPQ's Q3 Threat Insights Report was released on December 1, 2022.

HP Inc.

NYSE:HPQ

HPQ Rankings

HPQ Latest News

HPQ Stock Data

36.94B
961.71M
0.21%
82.68%
4.64%
Computer Hardware
Computer & Office Equipment
Link
United States of America
PALO ALTO