Experts On Report: Cofense Malware Trends Report Shows Heavy Use Of Macro-enabled Documents For Malware Delivery

Cofense has released its Q4 2019 Malware Trends report, shedding light on the malware families, delivery methods and campaigns that dominated the past quarter.

Q4 2019 saw an overall decrease in malware volume, as Emotet (also known as Geodo) took the limelight and threat actors scaled down for the holidays.

The information stealer Loki Bot edged out the once-abundant Agent Tesla keylogger for the top spot as the most prevalent non-Emotet malware, continuing the perpetual lead changes between the two. Less-experienced threat actors have likely favored Loki Bot over its competition thanks to easy deployment and low maintenance, enabling more distribution with less effort.

Macro-enabled documents accounted for a sizeable portion of malware phishing emails, predominantly as part of Emotet campaigns. Compared with Q3 2019, threat actors made less use of CVE-2017-11882 (the memory-corruption flaw in the Microsoft Office Equation Editor) to stage further payloads; such exploitation typically involves a malicious Rich Text Format (RTF) or Excel spreadsheet file that downloads or executes another piece of malware such as Loki Bot or the HawkEye keylogger.
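Both lures named above leave simple static fingerprints: a macro-enabled OOXML file carries a vbaProject.bin part inside its ZIP container, and an RTF that abuses the Equation Editor embeds an OLE object whose class is Equation.3 or whose \objdata hex blob contains the Equation 3.0 CLSID {0002CE02-0000-0000-C000-000000000046}. The triage script below is an added example written for this page, not Cofense's code or anything from the report; the sample .docm and RTF it inspects are constructed in memory, and the OLE2 branch is a cheap substring heuristic rather than a full compound-file parser.

```python
"""Static triage for the two phishing lures named in the report: macro-enabled
Office documents and RTF files embedding an Equation Editor object
(the CVE-2017-11882 attack surface). Added example, not Cofense's code."""
import io
import re
import zipfile

# Magic bytes of the three container formats we care about.
OOXML_MAGIC = b"PK\x03\x04"                       # .docx/.docm/.xlsx/.xlsm are ZIP archives
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls compound files
RTF_MAGIC = b"{\\rt"                              # "{\rtf1"; lures often truncate the header

# CLSID of Microsoft Equation 3.0 ({0002CE02-0000-0000-C000-000000000046}),
# serialised little-endian as it appears inside an RTF \objdata hex blob.
EQUATION_CLSID_HEX = b"02ce020000000000c000000000000046"


def find_macro_parts(data: bytes) -> list[str]:
    """Return the VBA project parts inside an OOXML archive.

    Macro-enabled formats (.docm, .xlsm, .pptm) store the VBA project as
    vbaProject.bin under word/, xl/ or ppt/; a plain .docx never has one.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith("vbaproject.bin")]
    except zipfile.BadZipFile:
        return []


def rtf_equation_objects(data: bytes) -> list[str]:
    """Return indicators that an RTF embeds an Equation Editor OLE object.

    Checks the \\objclass name and, because attackers strip or obfuscate that
    control word, also the CLSID inside the hex-encoded \\objdata blob.
    Whitespace is removed from \\objdata first, since RTF writers may break
    the hex across lines.
    """
    hits = []
    if re.search(rb"\\objclass\s*Equation\.3", data, re.IGNORECASE):
        hits.append("objclass Equation.3")
    for m in re.finditer(rb"\\objdata\s*([0-9a-fA-F\s]+)", data):
        blob = re.sub(rb"\s+", b"", m.group(1)).lower()
        if EQUATION_CLSID_HEX in blob:
            hits.append("objdata CLSID 0002CE02-...-46")
            break
    return hits


def triage(data: bytes) -> dict:
    """Classify a document blob and list the lure indicators found."""
    if data.startswith(OOXML_MAGIC):
        parts = find_macro_parts(data)
        return {"format": "ooxml", "macro_enabled": bool(parts), "indicators": parts}
    if data.startswith(RTF_MAGIC):
        eq = rtf_equation_objects(data)
        return {"format": "rtf", "equation_object": bool(eq), "indicators": eq}
    if data.startswith(OLE2_MAGIC):
        # Heuristic only: OLE2 directory entry names are UTF-16LE, and a VBA
        # storage always contains a "_VBA_PROJECT" stream.
        has_vba = "_VBA_PROJECT".encode("utf-16-le") in data
        return {"format": "ole2", "macro_enabled": has_vba,
                "indicators": ["_VBA_PROJECT"] if has_vba else []}
    return {"format": "unknown", "indicators": []}


def build_sample_docm(with_macro: bool) -> bytes:
    """Construct a minimal OOXML archive in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 fake vba project")
    return buf.getvalue()


# Constructed RTF lure: \objclass has been stripped, but the Equation 3.0 CLSID
# still sits in the \objdata blob, split across lines and spaces.
SAMPLE_RTF = (
    b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata 01050000020000000b0000004571756174696f6e2e33\n"
    b"02ce0200 00000000 c0000000 00000046 0000000000000000}}}"
)

if __name__ == "__main__":
    for name, blob in [("benign.docx", build_sample_docm(False)),
                       ("lure.docm", build_sample_docm(True)),
                       ("lure.rtf", SAMPLE_RTF)]:
        print(name, triage(blob))
```

Matching on the CLSID rather than only the \objclass string matters because the class name is optional in the RTF grammar and is routinely removed from lures; conversely a benign document that genuinely contains an equation will trigger the same indicator, so treat a hit as a reason to detonate or inspect the file, not as a verdict on its own.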

Globally, the distribution of Command and Control (C2) servers for malware tied to phishing campaigns held steady, with the United States continuing to account for a sizable portion at over 40%. The U.S. share grew by 6% while Russia's fell by 4%. Germany, France, and the UK trailed behind as hosts of malware delivery or C2 infrastructure.

The full report can be found here: https://cofense.com/wp-content/uploads/2020/01/Q4-2019_Malware-Trends.pdf

Expert Comments

January 27, 2020
Niamh Muldoon
Senior Director of Trust and Security, EMEA
OneLogin
20 years on in my career, I am still saying "There is no one single bullet - Defence in Depth is the key". Apply controls to technologies, make sure security is included in business processes, and ensure the organisation has a good security culture. Applying a Defence in Depth (DiD) model to security within your organisation, with security controls in place within technologies, business processes and culture, will begin to support reducing risk associated with new malware variants. Don't underestimate the value of security awareness programmes for keeping your employees conscious of new malware threats.