
    From TechnologyDaily@1337:1/100 to All on Wed Aug 10 17:45:03 2022
    Microsoft's campaign against malicious macros has given rise to new,
    dangerous attacks

    Date:
    Wed, 10 Aug 2022 16:30:31 +0000

    Description:
    Shortcut files have become quite infamous since Office macros bit the bullet

    FULL STORY ======================================================================

    With Office macros no longer being the best way to deliver malicious payloads to endpoints around the world, cybercriminals are turning toward novel strategies, including using shortcut (.lnk) files.

    Findings from HP Wolf Security based on data from millions of endpoints claimed there has been an 11% rise in archive files containing malware, including .lnk files, compared to the previous quarter. Sometimes, threat actors would place these shortcuts in .zip files before mailing them, in order to avoid being detected by any antivirus solutions, or email protection measures.

    There are two key elements to shortcut files that make them an ideal weapon for malware distribution: they can be made to run pretty much any file, and they can have any icon that comes preinstalled with Windows. In practice, threat actors can give a shortcut the icon of a .pdf file and have it run an .exe, .log, or .dll file, which could load pretty much any virus. In some cases, the hackers would even abuse legitimate Windows applications, such as the good old Calculator, for their nefarious purposes.

    Distributing RedLine Stealer

    Most of the time, the report further states, threat actors are using shortcut files to spread QakBot, IcedID, Emotet, and RedLine Stealer. They also abuse the Follina zero-day vulnerability (CVE-2022-30190), the researchers added.

    "As macros downloaded from the web become blocked by default in Office, we're keeping a close eye on alternative execution methods being tested out by cybercriminals. Opening a shortcut or HTML file may seem harmless to an employee but can result in a major risk to the enterprise," explains Alex Holland, Senior Malware Analyst, HP Wolf Security threat research team, HP Inc.

    "Organizations must take steps now to protect against techniques increasingly favored by attackers or leave themselves exposed as they become pervasive.
    We'd recommend immediately blocking shortcut files received as email attachments or downloaded from the web where possible."
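
    The blocking recommendation above, together with the earlier point that shortcuts are mailed inside .zip files, sketched as an attachment check. This is an added example, not code from HP Wolf Security or the article; the function names, the depth and size limits, and the sample data are assumptions constructed for illustration.

```python
import io
import zipfile

# Shell Link header per MS-SHLLINK: HeaderSize 0x4C, then LinkCLSID
# 00021401-0000-0000-C000-000000000046 in little-endian GUID byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
MAX_DEPTH = 3                  # assumption: nested archives deeper than this are not opened
MAX_MEMBER_BYTES = 20 * 2**20  # assumption: read at most 20 MiB per member

def is_shell_link(data: bytes) -> bool:
    """True when the bytes start with a Shell Link header, whatever the file is called."""
    return data[:len(LNK_MAGIC)] == LNK_MAGIC

def find_shortcuts(data: bytes, name: str = "attachment", depth: int = 0) -> list:
    """Return paths of shortcut files in an attachment, looking inside zip archives."""
    hits = []
    if is_shell_link(data) or name.lower().endswith(".lnk"):
        hits.append(name)
    elif depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                path = f"{name}!{info.filename}"
                if info.is_dir():
                    continue
                if info.flag_bits & 0x1:  # encrypted member: only the name is visible
                    if info.filename.lower().endswith(".lnk"):
                        hits.append(path)
                    continue
                with archive.open(info) as member:
                    hits += find_shortcuts(member.read(MAX_MEMBER_BYTES), path, depth + 1)
    return hits

def make_zip(members: dict) -> bytes:
    """Build an in-memory zip from {name: bytes}; used only for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member, content in members.items():
            archive.writestr(member, content)
    return buf.getvalue()

# Constructed sample: a header-only stub (not a working shortcut), once under a
# misleading .pdf name and once inside a nested archive.
FAKE_LNK = LNK_MAGIC + b"\x00" * 60
SAMPLE = make_zip({"readme.txt": b"hello", "docs/scan.pdf": FAKE_LNK,
                   "more.zip": make_zip({"invoice.pdf.lnk": FAKE_LNK})})

if __name__ == "__main__":
    for hit in find_shortcuts(SAMPLE, "mail.zip"):
        print("block:", hit)
```

    Encrypted archive members can only be matched by name here, so a mail gateway would typically treat password-protected archives as a separate quarantine case.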

    Besides .lnk files, Holland also mentions HTML files. The company identified a couple of phishing campaigns in which threat actors pose as regional post services and use HTML files to deliver malware. These files are good at hiding malicious types which would otherwise be picked up by email gateways and malware protection services.



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsofts-campaign-against-malicious-macros-has-given-rise-to-new-dangerous-attacks/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)