There’s been a huge rise in new cyberthreats during the pandemic

Many malware samples had never been seen before


The number of previously unknown malware variants has spiked during the pandemic, according to a new report from HP.

The company’s recent Quarterly Threat Insights Report, based on data pulled from HP Sure Click virtual machines running at customer sites in the final three months of 2020, says 29% of captured malware had never been seen before.

Antivirus solutions took 8.8 days, on average, to learn about a new malware variant, giving criminals more than a week’s head start before signature-based defences caught up.

Trojans made up the majority of malware spotted by HP’s systems (66%), with the Dridex banking Trojan becoming increasingly popular, showing a 239% increase in prevalence.

Growth in all areas

Most of the time, criminals use documents, archive files, spreadsheets and executable files to distribute malware, with the last category, malicious executables, rising by 12%. A memory corruption flaw in Microsoft Office’s Equation Editor, tracked as CVE-2017-11882, accounted for almost three quarters of the exploits seen in the period.

For distribution, criminals are still largely opting for email. The large majority of malware (88%) arrived via this channel, in many cases successfully getting past gateway filters.

A new Office malware builder called APOMacroSploit was often used to trick victims into opening a malicious XLS attachment carrying the BitRAT remote access Trojan. In other cases, criminals sent fake pharmaceutical invoices as Word documents whose malicious macro ran only when the document was closed, not when it was opened, a trick that defeats sandboxes which open a document but never close it.
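The close-time trigger is easy to miss if a triage script only looks for Auto_Open or Document_Open. As an added example (not code from HP or from the report), the scanner below takes the VBA source of a document, assumed to have already been extracted with a tool such as olevba from oletools, and reports every auto-executing procedure, flags close-time triggers separately, and lists the calls that give the macro a way to run code. The sample macro is constructed for this illustration; the encoded PowerShell argument is a short placeholder, not a real payload.

```python
import re

# Procedure names that Word and Excel run automatically. The second row holds the
# close-time triggers: a sandbox that opens the document and never closes it will
# not fire them.
AUTO_EXEC = re.compile(
    r"\b(?:Sub|Function)\s+"
    r"(AutoOpen|Auto_Open|Document_Open|Workbook_Open|"
    r"AutoClose|Auto_Close|Document_Close|Workbook_BeforeClose|"
    r"AutoExec|AutoExit|Workbook_Activate)\b",
    re.IGNORECASE,
)
CLOSE_TRIGGERS = {"autoclose", "auto_close", "document_close", "workbook_beforeclose"}

# Calls that let a macro execute something or fetch a payload.
SUSPICIOUS = re.compile(
    r"\b(Shell|CreateObject|WScript\.Shell|URLDownloadToFile|XMLHTTP|"
    r"ADODB\.Stream|Environ|ShellExecute|Powershell)\b",
    re.IGNORECASE,
)


def scan_vba(source: str) -> dict:
    """Summarise auto-exec triggers and risky calls in extracted VBA source text."""
    triggers = [m.group(1) for m in AUTO_EXEC.finditer(source)]
    calls = sorted({m.group(1) for m in SUSPICIOUS.finditer(source)}, key=str.lower)
    runs_on_close = any(t.lower() in CLOSE_TRIGGERS for t in triggers)
    return {
        "auto_exec": triggers,
        "suspicious_calls": calls,
        "runs_on_close": runs_on_close,
        # An auto-exec entry point combined with an execution primitive is the
        # pattern worth escalating; either one alone is common in legitimate files.
        "verdict": "suspicious" if triggers and calls else "benign-looking",
    }


# Constructed sample: a decoy message on open, the real work on close.
SAMPLE_VBA = '''\
Attribute VB_Name = "ThisDocument"
Private Sub Document_Open()
    MsgBox "This document was created in an earlier version of Word.", vbExclamation
End Sub

Private Sub Document_Close()
    Dim cmd As String
    cmd = "pow" & "ersh" & "ell -w hidden -nop -e " & "SQBFAFgA"
    CreateObject("WScript.Shell").Run cmd, 0
End Sub
'''

if __name__ == "__main__":
    print(scan_vba(SAMPLE_VBA))
```

Note that the string is assembled from fragments ("pow" & "ersh" & "ell"), so a keyword match on "powershell" alone would miss it; the trigger-plus-primitive combination is the more robust signal. Excel 4.0 (XLM) macros live in sheet cells rather than in a VBA project, so they need a different extractor before a scan like this applies.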


HP argues that cybercriminals are increasingly using packers and other obfuscation techniques to avoid detection, and the share of never-before-seen samples suggests it is working.

For example, just before the takedown of its infrastructure in January 2021, Emotet’s operators applied the DOSfuscation technique to the downloader to make its obfuscation harder to unpick. They also had the downloader display an error message when the document was opened, so that the document’s odd behaviour would not make the victim suspicious.
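DOSfuscation builds a cmd.exe command line out of environment-variable tricks: a value is stored under a throwaway name, then reassembled from %VAR:~start,len% substrings and %VAR:old=new% replacements, with carets (^) sprinkled in as escape characters that cmd removes. Because those rules are deterministic, the command can be recovered statically. The following is an added example, not Emotet’s downloader or any code from the report: it implements the cmd.exe expansion rules for those three constructs plus caret stripping and `call` re-expansion, and runs them over a constructed batch snippet whose encoded argument is a short placeholder. It does not model delayed expansion (!VAR!) or FOR-loop based layers, which DOSfuscation also uses.

```python
import re

PCT = re.compile(r"%([^%:=]+)(?::([^%]*))?%")      # %VAR%, %VAR:~s,l%, %VAR:old=new%
SUBSTR = re.compile(r"^~(-?\d+)(?:,(-?\d+))?$")
SET = re.compile(r'^set\s+(?:"([^=]+)=(.*)"|([^=\s]+)=(.*))$', re.IGNORECASE)


def cmd_substring(value, start, length):
    """%VAR:~start,len% with cmd.exe semantics, including negative offsets."""
    n = len(value)
    s = start if start >= 0 else max(n + start, 0)
    if length is None:
        e = n
    elif length >= 0:
        e = s + length
    else:
        e = max(n + length, 0)
    return value[s:e]


def cmd_replace(value, spec):
    """%VAR:old=new% (all occurrences, case-insensitive) and %VAR:*old=new%."""
    old, new = spec.split("=", 1)
    if old.startswith("*"):                 # replace everything up to and incl. first match
        idx = value.lower().find(old[1:].lower())
        return value if idx < 0 else new + value[idx + len(old) - 1:]
    return re.sub(re.escape(old), lambda _: new, value, flags=re.IGNORECASE)


def expand(text, env):
    """Phase-1 percent expansion of one line against the current variables."""
    def one(m):
        name, mod = m.group(1).lower(), m.group(2)
        value = env.get(name, "")           # batch semantics: undefined -> empty string
        if mod is None:
            return value
        sm = SUBSTR.match(mod)
        if sm:
            length = int(sm.group(2)) if sm.group(2) else None
            return cmd_substring(value, int(sm.group(1)), length)
        return cmd_replace(value, mod) if "=" in mod else ""
    return PCT.sub(one, text)


def strip_carets(line):
    """Phase-2 escape handling: ^x -> x outside double quotes, carets kept inside."""
    out, in_q, i = [], False, 0
    while i < len(line):
        c = line[i]
        if c == '"':
            in_q = not in_q
        if c == "^" and not in_q:
            i += 1
            if i < len(line):
                out.append(line[i])
        else:
            out.append(c)
        i += 1
    return "".join(out)


def split_commands(line):
    """Split on & / && outside double quotes."""
    parts, cur, in_q, i = [], [], False, 0
    while i < len(line):
        c = line[i]
        if c == '"':
            in_q = not in_q
        if c == "&" and not in_q:
            parts.append("".join(cur).strip())
            cur = []
            if i + 1 < len(line) and line[i + 1] == "&":
                i += 1
        else:
            cur.append(c)
        i += 1
    parts.append("".join(cur).strip())
    return [p for p in parts if p]


def deobfuscate(script):
    """Return (variables, commands) after applying cmd.exe's expansion order line by line."""
    env, commands = {}, []
    for raw in script.splitlines():
        if not raw.strip():
            continue
        line = strip_carets(expand(raw, env))   # whole line is expanded before any command runs
        for cmd in split_commands(line):
            m = SET.match(cmd)
            if m:
                name, value = (m.group(1), m.group(2)) if m.group(1) else (m.group(3), m.group(4))
                env[name.lower()] = value
                continue
            if cmd.lower().startswith("call "):   # call forces a second expansion pass
                cmd = "call " + expand(cmd[5:], env)
            commands.append(cmd)
    return env, commands


# Constructed sample: "powershell" stored reversed, rebuilt one character at a time.
SAMPLE = '''\
s^et "dZk=llehsrewop -nop -w hidden -enc"
set "dZk=%dZk:-enc=-e%"
call %dZk:~9,1%%dZk:~8,1%%dZk:~7,1%%dZk:~6,1%%dZk:~5,1%%dZk:~4,1%%dZk:~3,1%%dZk:~2,1%%dZk:~1,1%%dZk:~0,1% %dZk:~11% SQBFAFgA
'''

if __name__ == "__main__":
    for c in deobfuscate(SAMPLE)[1]:
        print(c)
```

The order matters: cmd expands every %VAR% on a line before running any command on it, which is why the sample sets the variable on one line and consumes it on the next, and why obfuscators reach for `call` when they need a second round of expansion on the same line. A command line recovered this way, rather than the raw obfuscated one, is what should go into a detection rule.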

“Opportunistic cybercrime does not show any signs of slowing,” said Alex Holland, senior malware analyst at HP. “Cybercriminals are exploiting low-cost malware-as-a-service kits, which are proliferating in underground forums. Kits like APOMacroSploit, which emerged in Q4 2020, can be bought for as little as $50 USD, illustrating just how low the barrier to entry is for opportunistic cybercrime.”

“We have also seen threat actors continue to experiment with malware delivery techniques to improve their chances of establishing footholds into networks. The most effective execution techniques we saw in Q4 2020 involved old technologies like Excel 4.0 macros that often offer little visibility to detection tools.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
