Cybercriminals are using a wider-than-ever range of malicious documents to spread malware and gain initial access to target systems, according to HP Wolf Security.
Alex Holland, principal threat researcher in the HP Security Lab, told Infosecurity that threat actors have recently shifted their focus.
They are now prioritizing script-based phishing techniques over approaches based on traditional malicious documents, he said ahead of the launch of HP Wolf Security’s Threat Insights Report Q2 2024.
Leveraging Archive Files in Phishing Campaigns
“For the past two years, we have seen a movement away from using maldocs, Microsoft Office documents containing malicious macros, towards leveraging interpreted script languages, such as VBScript and JavaScript,” Holland explained.
Typically, threat actors combine this living-off-the-land phishing technique with the delivery of encrypted archive files.
“With this approach, instead of sending an attached document that includes a malicious macro infecting the target system, threat actors would send an archive file that includes hidden malicious VBScript or JavaScript code alongside the file that the victim wants to download.”
HP Wolf Security’s quarterly report shows that 39.23% of malware deliveries came from an archive file in the second quarter of 2024, compared to 27.89% in the previous reported period.
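As a defender-side illustration of the delivery pattern described above, the following Python sketch triages a ZIP attachment by reading only its central directory. It is an added example, not code from HP Wolf Security or the original article; the extension list, the verdict labels and the helper names `triage_zip` and `make_sample` are assumptions, and the sample archive is constructed.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Windows Script Host file types; the page names VBScript and JavaScript.
# The exact extension list is an assumption made for this example.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}

def triage_zip(data: bytes) -> dict:
    """Inspect a ZIP attachment's central directory; nothing is extracted."""
    report = {"encrypted": [], "scripts": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # General-purpose flag bit 0 marks an encrypted member.
            if info.flag_bits & 0x1:
                report["encrypted"].append(info.filename)
            # With ordinary ZIP encryption, member names stay readable
            # even though the member contents are encrypted.
            if PurePosixPath(info.filename).suffix.lower() in SCRIPT_EXTS:
                report["scripts"].append(info.filename)
    # Verdict labels are a hypothetical policy, not taken from the report.
    if report["scripts"] and report["encrypted"]:
        report["verdict"] = "quarantine"
    elif report["scripts"]:
        report["verdict"] = "review"
    else:
        report["verdict"] = "pass"
    return report

def make_sample(names, encrypted=False) -> bytes:
    """Build a constructed, harmless ZIP in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "constructed placeholder content")
    data = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted members, so set flag bit 0 in each
        # central-directory record (signature PK\x01\x02, flags at offset 8).
        pos = data.find(b"PK\x01\x02")
        while pos != -1:
            data[pos + 8] |= 0x01
            pos = data.find(b"PK\x01\x02", pos + 4)
    return bytes(data)

if __name__ == "__main__":
    print(triage_zip(make_sample(["invoice.pdf", "invoice.js"], encrypted=True)))
```

Archive formats that also encrypt their file listing would need a different check, since this one relies on member names being visible without the password.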