RAT epidemic: researchers note a rapid increase in the activity of remote access Trojans

Lord777

Opened an invoice — say goodbye to the data. Why should you be more careful with office documents?

A recent report on cybersecurity for the third quarter of 2023, published by HP Wolf Security, shows a significant increase in the number of campaigns using remote access Trojans (RATs). Experts note an increase in the use of RATs, which are often hidden in seemingly legitimate Excel and PowerPoint files attached to emails.

According to the report, so-called "malware creation kits" that cost less than $100 contribute to an increase in the number of attacks using RAT. In particular, a jump in the activity of Parallax RAT malware, which disguises itself as invoices, was recorded. Kits to create them are available for as little as $65 per month on hacker forums.

The researchers also note that criminals attract novice hackers to use RATs by offering malware kits, such as XWorm, hosted on seemingly legitimate platforms like GitHub. New kits are also emerging, including DiscordRAT 2.0.

Alex Holland, senior malware analyst at HP, points out that 80% of the threats reported by their systems in the quarter came from email. An interesting point is that some hackers target less experienced colleagues by using RAT in their campaigns. We wrote more about this yesterday.

Parallax RAT, which was the 46th most popular malware in the second quarter of 2023, jumped to 7th place in the next quarter. This clearly indicates the growing interest of attackers in this type of malware.

Parallax was previously linked to various campaigns at the beginning of the coronavirus pandemic and, according to researcher Arnold Osipov of Morphisec, even then the malware was able to bypass complex detection solutions, steal credentials and execute remote commands.

In 2023, Parallax RAT is becoming an increasingly significant threat, but do not forget about other variants of remote access Trojans, which are also very popular with hackers.

For example, Remcos RAT, first discovered in 2016, also uses Microsoft Office as a distribution channel quite successfully. HP experts also noted the growing popularity of the VBScript-based Houdini RAT malware, which has been active on the web since 2013.

However, given Microsoft's plans to phase out VBScript, these threats may be short-lived. Microsoft has announced that VBScript will only be available on demand in future versions of Windows and will eventually be completely removed from the system.

However, HP's Alex Holland warns that despite this positive change for defenders, attackers are likely to switch to using other programming languages, such as PowerShell and Bash, and also focus on developing new code obfuscation techniques to bypass endpoint security systems.

Organizations need to update their security tools regularly to stay ahead of any threats. Vigilance and a proactive approach to cybersecurity are the key to success against most hacker attacks.
 