Email still the top vector for attackers
Infection chains might change, but the initiation method remains the same
While more exotic forms of attack may make headlines, good old email is still the most popular attack vector for malicious actors, accounting for 79% of threats, according to research from HP Wolf Security.
The figure is a single percentage point down from 2022’s figures but highlights issues facing email administrators. Web browser downloads also dropped by 1% to 12%, while other vectors, such as removable media, grew to 9%.
Researchers noted that while attack chains tended to be formulaic, there had been a move to threat actors connecting different components to create something more unique – and harder to detect.
According to researchers, “32% of the QakBot infection chains analyzed by HP in Q2 were unique”.
QakBot spam activity surged in Q2 2023, with the malware distributors switching between many different file types to infect PCs.
Patrick Schläpfer, Senior Malware Analyst at HP Wolf Security, told ITPro that the team had seen continuous and rapid change across various attack vectors. He gave the example of the QakBot campaigns, which showed threat actors changing their initial vector as well as techniques within the infection chain.
He also noted the impact of Microsoft’s disabling of macros by default, which has forced a diversification of attack vectors. “During 2022, we observed attackers attempting various newer techniques such as HTML smuggling, PDF lures, and also OneNote documents – which is particularly interesting as OneNote attacks do not rely on macros,” he said.
Schläpfer noted that most attacks were wide-ranging rather than targeted as attackers attempted to gain a foothold in a system. He shared statistics with ITPro collected over the course of Q2 2023 that show over half (51.5%) of malicious email attachments were archives and almost a quarter (24.4%) were documents. PDFs accounted for 4.2% and executables 1.5%.
Attackers are also becoming more creative, according to the research. One recent campaign used multiple programming languages in an effort to avoid detection. The payload was encrypted using Go before switching to C++ in order to interact with the victim’s operating system before running .NET malware.
According to Schläpfer, attackers are becoming more knowledgeable about their target systems, making it easier to exploit gaps or vulnerabilities. He said: “By knowing which doors to push, they can navigate internal systems with ease, using relatively simple techniques in very effective ways – without sounding the alarm”.
With email remaining the top attack vector, the advice for administrators remains the same. Dr Ian Pratt, global head of security for personal systems at HP, commented that while attack chains might vary, the initiation methods tended to remain the same: “It inevitably comes down to the user clicking on something”.
“Instead of trying to second guess the infection chain, organizations should isolate and contain risky activities such as opening email attachments, clicking on links, and browser downloads.”

Richard Speed is an expert in databases, DevOps and IT regulations and governance. He was previously a Staff Writer for ITPro, CloudPro and ChannelPro, before going freelance. He first joined Future in 2023 having worked as a reporter for The Register. He has also attended numerous domestic and international events, including Microsoft's Build and Ignite conferences and both US and EU KubeCons.
Prior to joining The Register, he spent a number of years working in IT in the pharmaceutical and financial sectors.