Wed. Apr 17th, 2024

Compressed “.ZIP” files overtake Office documents as the most common malicious file type for the first time. This has been highlighted in the HP Wolf report, HP Wolf Security Threat Insights. The report found that 44% of malware was distributed within compressed files, 11% more than in the previous quarter, compared to 32% that was distributed via Office files such as Microsoft Word, Excel, and PowerPoint. “The files are easy to encrypt, which helps cybercriminals hide malware and evade proxy, sandbox, or email-based security solutions. This makes the attacks difficult to detect, especially when combined with HTML smuggling techniques,” explains Alex Holland, Principal Malware Analyst in HP Wolf Security’s Threat Research team.

ZIP files

The report has identified several campaigns that combined the use of compressed files with new HTML smuggling techniques. For example, recent QakBot and IceID campaigns used HTML files to direct users to fake online document viewers posing as Adobe. Because the malware inside the original HTML file is scrambled and encrypted, detection by email-focused security solutions or other security tools is very difficult.


Instead, the attacker relies on social engineering, creating a convincing and well-designed web page to trick users into launching the attack by opening the malicious ZIP file.
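The report describes the two ingredients of these campaigns, an encoded payload hidden inside an HTML attachment and a ZIP that the victim is talked into opening, without showing how a defender would look for them. The following is an added example, not code from the HP report or from HP Wolf Security: a small Python scanner that checks an HTML file for the browser APIs these pages rely on to rebuild a file on the client side (base64 decoding, Blob construction, object URLs, a forced download), decodes any long base64 literal it finds, and identifies the decoded bytes by their file signature. For ZIP payloads it also lists the archive members and reports whether entries are marked encrypted, which is the evasion trick the report calls out. The HTML sample and the ZIP inside it are constructed here for the demonstration; the indicator names, thresholds and signature table are the example's own choices, not values from the page.

```python
import base64
import io
import re
import zipfile

# JavaScript APIs that, taken together, indicate a payload is being rebuilt
# and handed to the user as a download inside the browser (names are this
# example's own labels, not a vendor taxonomy).
JS_INDICATORS = {
    "atob": re.compile(r"\batob\s*\("),
    "blob_ctor": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bcreateObjectURL\s*\("),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']", re.I),
    "ms_save_blob": re.compile(r"\bmsSaveOrOpenBlob\s*\("),
}

# Leading bytes of container and executable formats that have no business
# sitting base64-encoded inside a mail-borne HTML page.
FILE_SIGNATURES = {
    b"PK\x03\x04": "zip",
    b"MZ": "pe",
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"%PDF": "pdf",
}

# A quoted run of base64 alphabet at least 200 chars long (threshold chosen
# for this example) is treated as a candidate embedded payload.
B64_LITERAL = re.compile(r"[\"']([A-Za-z0-9+/]{200,}={0,2})[\"']")


def identify_blob(data: bytes):
    """Return the format name whose magic bytes prefix `data`, else None."""
    for magic, name in FILE_SIGNATURES.items():
        if data.startswith(magic):
            return name
    return None


def _decode_candidate(literal: str):
    try:
        return base64.b64decode(literal, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def scan_html(html: str) -> dict:
    """Scan one HTML document for smuggling indicators and embedded payloads."""
    findings = {"js_indicators": [], "payloads": []}
    for name, pattern in JS_INDICATORS.items():
        if pattern.search(html):
            findings["js_indicators"].append(name)
    for match in B64_LITERAL.finditer(html):
        raw = _decode_candidate(match.group(1))
        if raw is None:
            continue
        kind = identify_blob(raw)
        if kind is None:
            continue
        entry = {"type": kind, "size": len(raw)}
        if kind == "zip":
            try:
                with zipfile.ZipFile(io.BytesIO(raw)) as zf:
                    entry["members"] = zf.namelist()
                    # bit 0 of the general-purpose flag marks an encrypted entry
                    entry["encrypted"] = any(i.flag_bits & 0x1 for i in zf.infolist())
            except zipfile.BadZipFile:
                entry["members"] = None
        findings["payloads"].append(entry)
    # Flag when a recognised file is embedded AND at least two client-side
    # reconstruction APIs are present; either alone is common on benign pages.
    findings["suspicious"] = bool(findings["payloads"]) and len(findings["js_indicators"]) >= 2
    return findings


def _build_sample_zip() -> bytes:
    """Constructed, harmless ZIP (one text file) used only as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("invoice.txt", "constructed sample content line\n" * 20)
    return buf.getvalue()


SAMPLE_ZIP_B64 = base64.b64encode(_build_sample_zip()).decode()

# Constructed HTML fragment carrying the indicators above (not a real lure).
SMUGGLING_HTML = f"""<html><body><p>Your document is ready.</p>
<script>
var decoded = atob("{SAMPLE_ZIP_B64}");
var blob = new Blob([decoded]);
var link = document.createElement("a");
link.href = URL.createObjectURL(blob);
link.download = "document.zip";
</script></body></html>"""

BENIGN_HTML = '<html><body><script>console.log("hello");</script></body></html>'

if __name__ == "__main__":
    for label, doc in (("smuggling sample", SMUGGLING_HTML), ("benign sample", BENIGN_HTML)):
        print(label, scan_html(doc))
```

The thresholds are deliberately conservative: a single `atob` call or one long base64 string is normal on legitimate pages (inline images, bundled scripts), so the scanner only raises the flag when a decodable file signature and at least two reconstruction APIs appear together. It does not attempt to unpack encrypted archives; it reports the encryption flag so a downstream policy (for example, quarantine encrypted archives delivered via HTML) can act on it.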


HP also identified a complex campaign that uses a modular infection chain, which could allow attackers to change the attack method mid-attack or introduce new features, such as geo-fencing (restricting execution by location, using GPS or other location data from a mobile device). This could allow cybercriminals to change tactics depending on the target that has been compromised. Because the malware is not included directly in the attachment sent to the target, this type of attack is also harder for email gateways to detect.

By Alvaro Rivers
