STOCK TITAN
  1. Home
  2. News
  3. HPQ

Emotet rockets into pole position as most seen malware family in Q1

Rhea-AI Impact
(Low)
Rhea-AI Sentiment
(Negative)
Tags
Rhea-AI Summary

HP Wolf Security’s Threat Insights Report reveals a significant 27% increase in overall threats captured in Q1 2022, including a notable surge in Emotet spam campaigns. Emotet is now the most common malware family, accounting for 9% of all malware detected. The report highlights increased attacks via Java Archive and JavaScript files, as well as a rise in HTML smuggling techniques. Additionally, 69% of malware was delivered via email, with Office file formats comprising 45% of isolated threats. Cybercriminals are evolving tactics, prompting a call for enhanced endpoint security strategies.

Positive
  • 27% rise in overall threats captured in Q1 2022.
  • Emotet becomes the most common malware family detected, representing 9% of all malware.
  • Identification of new malware techniques, including HTML smuggling and Java-based attacks.
  • Over 18 billion email attachments and downloads clicked without reported breaches among HP customers.
Negative
  • 879% increase in .XLSM malware samples linked to Emotet campaigns.
  • Malware detection rates for new attack formats are low, increasing infection risk.
  • It took an average of 79 hours for new threats to be known by other security tools.

HP Wolf Security’s latest Threat Insights Report highlights 27% jump in overall threats captured, including increases in script-based malware, HTML smuggling and persistent re-infection

PALO ALTO, Calif., May 12, 2022 (GLOBE NEWSWIRE) -- HP Inc. (NYSE: HPQ) today announced that the HP Wolf Security threat research team has identified a 27-fold increase in detections resulting from Emotet malicious spam campaigns in Q1 2022, compared to Q4 2021 – when Emotet first made its reappearance. The latest global HP Wolf Security Threat Insights Report – which provides analysis of real-world cybersecurity attacks – shows that Emotet has bolted up 36 places to become the most common malware family detected this quarter (representing 9% of all malware captured). One of these campaigns – which was targeted at Japanese organizations and involved email thread hijacking to trick recipients into infecting their PCs – was largely responsible for an 879% increase in .XLSM (Microsoft Excel) malware samples captured compared to the previous quarter.

By isolating threats that have evaded detection tools and made it to user endpoints, HP Wolf Security has specific insight into the latest techniques being used by cybercriminals. Notable examples include:

  • Stealthy alternatives to malicious Microsoft Office documents growing popular, as macros start being phased out: As Microsoft has begun disabling macros, HP has seen a rise in non-Office-based formats, including malicious Java Archive files (+476%) and JavaScript files (+42%) compared to last quarter. Such attacks are harder for organizations to defend against because detection rates for these file types are often low, increasing the chance of infection.
  • Signs indicate HTML smuggling on the rise: The median file size of HTML threats grew from 3KB to 12KB, suggesting a rise in the use of HTML smuggling, a technique where cybercriminals embed malware directly into HTML files to bypass email gateways and evade detection, before gaining access and stealing critical financial information. Recent campaigns were seen targeting Latin American and African banks.
  • “Two for One” malware campaign leads to multiple RAT infections: A Visual Basic script attack was found being used to kick start a kill chain resulting in multiple infections on the same device, giving attackers persistent access to victims’ systems with VW0rm, NjRAT and AsyncRAT.

“Our Q1 data shows this is by far the most activity we’ve seen from Emotet since the group was disrupted early in 2021 – a clear signal its operators are regrouping, building back their strength and investing in growing the botnet. Emotet was once described by CISA as among the most destructive and costly malware to remediate and its operators often collaborate with ransomware groups, a pattern we can expect to continue. So their reemergence is bad news for businesses and public sector alike,” explains Alex Holland, Senior Malware Analyst, HP Wolf Security threat research team, HP Inc. “Emotet also continued to favor macro-enabled attacks – perhaps to get attacks in before Microsoft’s April deadline, or simply because people still have macros enabled and can be tricked into clicking on the wrong thing.”

The findings are based on data from many millions of endpoints running HP Wolf Security. HP Wolf Security tracks malware by opening risky tasks in isolated, micro-virtual Machines (micro-VMs) to protect the user and understand and capture the full attempted infection chain, mitigating threats that have slipped past other security tools. To date, HP customers have clicked on over 18 billion email attachments, web pages, and downloads with no reported breaches. This data provides unique insights into how threat actors use malware in the wild.

Further key findings in the report include:

  • 9% of threats hadn’t been seen before at the time they were isolated, with 14% of email malware isolated having bypassed at least one email gateway scanner.
  • It took over 3 days (79 hours), on average, to be known by hash to other security tools.
  • 45% of malware isolated by HP Wolf Security were Office file formats.
  • Threats used 545 different malware families in their attempts to infect organizations, with Emotet, AgentTesla and Nemucod being the top three.
  • A Microsoft Equation Editor exploit (CVE-2017-11882) accounted for 18% of all malicious samples captured.
  • 69% of malware detected was delivered via email, while web downloads were responsible for 18%. The most common attachments used to deliver malware were documents (29%), archives (28%), executables (21%), spreadsheets (20%).
  • The most common attachments used to deliver malware were spreadsheets (33%), executables and scripts (29%), archives (22%), and documents (11%).
  • The most common phishing lures were business transactions such as “Order”, “Payment”, “Purchase”, “Request” and “Invoice”.

“This quarter we saw a significant 27% rise in the volume of threats captured by HP Wolf Security. As cybercriminals tweak their approaches in response to changes in the IT landscape, the volume and variety of attacks continues to increase, and it becomes harder for conventional tools to detect attacks,” comments Dr. Ian Pratt, Global Head of Security for Personal Systems, HP Inc. “With an uptake in alternative file types and techniques being used to bypass detection, organizations need to change course and take a layered approach to endpoint security. By applying the principle of least privilege and isolating the most common threat vectors – from email, browsers, or downloads – rendering malware delivered via these vectors harmless. This dramatically reduces organizations’ risk exposure to cyber threats.”

By isolating threats that have evaded detection tools and made it to user endpoints, HP Wolf Security has specific insight into the latest techniques being used by cybercriminals.

The HP Wolf Security team will discuss the Q1 2022 Threat Insights Report in a webinar briefing on June 7 at 8am PDT, you can find out more here.

About the data

This data was anonymously gathered within HP Wolf Security customer virtual machines from January-March 2022.

About HP

HP Inc. is a technology company that believes one thoughtful idea has the power to change the world. Its product and service portfolio of personal systems, printers, and 3D printing solutions helps bring these ideas to life. Visit http://www.hp.com.

About HP Wolf Security

HP Wolf Security is a new breed1 of endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services. Visit https://www.hp.com/uk-en/security/endpoint-security-solutions.html.

Vanessa Godsal
vgodsal@hp.com

1 HP Security is now HP Wolf Security. Security features vary by platform, please see product data sheet for details.


FAQ

What did HPQ's Q1 2022 Threat Insights Report reveal?

The report indicated a 27% increase in overall threats captured, with Emotet becoming the primary malware family.

When was the HP Wolf Security Threat Insights Report released?

The report was released on May 12, 2022.

How much did Emotet spam campaigns increase in Q1 2022?

Emotet spam campaigns saw a 27-fold increase in detections in Q1 2022 compared to Q4 2021.

What percentage of malware detected was linked to email?

69% of the malware detected was delivered via email.

What are the most common file formats for isolated malware?

45% of malware isolated were in Office file formats.

Stock HPQ logo
HP Inc.

NYSE:HPQ

HPQ Rankings

#355 Ranked by Market Cap
#1055 Ranked by Dividends

HPQ Latest News

Nov 5, 2024
HP Inc. to Announce Fourth Quarter Fiscal 2024 Earnings on Nov 26, 2024
Oct 30, 2024
HP Equips Partners for the AI Era with New Amplify AI Program
Sep 25, 2024
HP Strengthens Workforce Experience Platform with Acquisition of Vyopta
Sep 24, 2024
Introducing HP Print AI, Industry’s First Intelligent Print Experiences for Home, Office, and Large Format Printing
Sep 24, 2024
HP Workforce Solutions Advances Strategy to Deliver Exceptional Employee Experiences

HPQ Stock Data

36.94B
961.71M
0.21%
82.68%
4.64%
Computer Hardware
Computer & Office Equipment
Link
United States of America
PALO ALTO