Avira’s Malware Threat Report for the first quarter of 2020 revealed an increase in phishing and spam campaigns, as well as Emotet-related attacks. Cybercriminals took advantage of the troubled global situation caused by the COVID-19 pandemic to spread malware in the form of trojans, worms, and file infectors.
The latest midyear report, which you can read in full here, provides an in-depth analysis of more sophisticated attacks, such as Portable Executable (PE) threats. The second quarter of 2020 brought back some old attack schemes, such as macro malware, but in a more elaborate form. In addition, there was also an increase in script-based attacks.
Cyberattacks decrease but become more sophisticated
In the second quarter of 2020, we saw a slight decrease in the number of attacks. However, hackers invested time in developing more elaborate attacks, focusing on script-based threats and exploiting vulnerabilities in highly popular software, such as Microsoft Office. Even though there were fewer attacks overall compared to the first quarter of the year, the spread of adware and potentially unwanted applications (PUA) has been steadily growing.
Cyberattackers have been using file infectors attached to Portable Executable (PE) file formats, such as .exe, .dll, and .scr, the executable files you need to run to install new software. Together with trojans, file infectors were responsible for more than half of the attacks in the last quarter.
Remote work provides new opportunities for hackers
As more and more people have been working from home, cybercriminals have been adapting their attacks accordingly, developing non-PE attacks: adding malware in types of files frequently shared online, such as PDFs and Microsoft Office files, and spreading script-based malware.
Macro malware hidden in Microsoft Office files, especially in Excel spreadsheets, has been spread through spam and phishing emails. Most of the attacks exploited Excel 4.0 macros or XLM macros. The hackers use Visual Basic for Applications (VBA) in Microsoft Office to add malicious code in macros. While this technique is not new, hackers became more creative in hiding the macro malware. For example, the malicious macros were added in hidden or very hidden sheets. The latter is the most dangerous, since sheets set to very hidden are not visible in the list of sheets and are not shown when selecting the Unhide option. The only way to access a very hidden sheet is to use the VBA editor, something that the average Excel user doesn’t usually do.
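The hidden and very hidden sheet states described above are recorded in the workbook itself, so a defender can list them without opening the file in Excel. The following is an added example, not code from the Avira report: it reads the sheet list of an .xlsx/.xlsm package and flags sheets that are hidden, very hidden, or Excel 4.0 (XLM) macro sheets. The function names and the sample workbook are constructed for illustration, and the legacy binary .xls format is not covered.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Transitional OOXML namespaces (assumption: the file is not saved in Strict mode)
MAIN = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
DOC_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
PKG_REL = "http://schemas.openxmlformats.org/package/2006/relationships"
XLM_TYPE = "http://schemas.microsoft.com/office/2006/relationships/xlMacrosheet"

def audit_sheets(data):
    """Return (name, state, is_xlm_macrosheet) for every sheet in an OOXML workbook."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        workbook = ET.fromstring(z.read("xl/workbook.xml"))
        rels = ET.fromstring(z.read("xl/_rels/workbook.xml.rels"))
    rel_type = {r.get("Id"): r.get("Type") for r in rels.iter(f"{{{PKG_REL}}}Relationship")}
    rows = []
    for s in workbook.iter(f"{{{MAIN}}}sheet"):
        state = s.get("state", "visible")  # attribute is omitted for visible sheets
        rows.append((s.get("name"), state, rel_type.get(s.get(f"{{{DOC_REL}}}id")) == XLM_TYPE))
    return rows

def suspicious(rows):
    """Sheets worth a manual look: not visible, or Excel 4.0 (XLM) macro sheets."""
    return [r for r in rows if r[1] != "visible" or r[2]]

def build_sample():
    """Constructed sample: contains only the two package parts the audit reads."""
    workbook = (
        f'<workbook xmlns="{MAIN}" xmlns:r="{DOC_REL}"><sheets>'
        '<sheet name="Invoice" sheetId="1" r:id="rId1"/>'
        '<sheet name="Lookup" sheetId="2" state="hidden" r:id="rId2"/>'
        '<sheet name="Macro1" sheetId="3" state="veryHidden" r:id="rId3"/>'
        '</sheets></workbook>')
    ws = DOC_REL + "/worksheet"
    rels = (
        f'<Relationships xmlns="{PKG_REL}">'
        f'<Relationship Id="rId1" Type="{ws}" Target="worksheets/sheet1.xml"/>'
        f'<Relationship Id="rId2" Type="{ws}" Target="worksheets/sheet2.xml"/>'
        f'<Relationship Id="rId3" Type="{XLM_TYPE}" Target="macrosheets/sheet1.xml"/>'
        '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", workbook)
        z.writestr("xl/_rels/workbook.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for name, state, xlm in suspicious(audit_sheets(build_sample())):
        print(f"{name}: state={state}, xlm_macrosheet={xlm}")
```

A hidden sheet on its own is common in legitimate workbooks; a very hidden XLM macro sheet in a file that arrived by email is the combination that deserves closer inspection.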
Script-based malware affects websites based on JavaScript. Many websites have third-party scripts embedded, such as ads and widgets that make the site more dynamic and interactive. Integrating third-party scripts without a proper vetting process can be dangerous, because attackers can add malicious code to these scripts. When you browse a website with malicious JavaScript code, infected JavaScript files are downloaded to your PC and executed by the browser, redirecting your traffic to an exploit server controlled by the attackers. These attacks have become more common in the past months.
Although macOS is often considered highly secure, Apple computers are just as vulnerable to macro malware and script-based attacks. The chart below shows the different threats affecting Apple devices.
The most common threat is adware, followed by HTML script-based attacks, and Microsoft Office macro malware. Other categories include exploits (files that exploit vulnerabilities present in the targeted system or specific applications installed on it) and PUA.