Experts On Report: Cofense Malware Trends Report Shows Heavy Use Of Macro-enabled Documents For Malware Delivery

By   ISBuzz Team
Writer , Information Security Buzz | Jan 27, 2020 05:31 am PST

Cofense has released release its Q4 2019 Malware Trends report, shedding light on the malware families, delivery methods and campaigns that dominated the past quarter.

Q4 2019 demonstrated an overall decrease in malware volume, as Emotet (also known as Geodo) overtook the limelight and threat actors scaled down for the holidays.

The information stealer Loki Bot edged out once abundant Agent Tesla keylogger from its top spot as the most prevalent non-Emotet malware, demonstrating perpetual lead changes between the two. Less-experienced threat actors have likely favored Loki Bot over its competition thanks to easy deployment and low maintenance, enabling more distribution with less effort.

Using macro-enabled documents for malware delivery accounted for a sizeable portion of malware phishing emails, predominantly as part of Emotet campaigns. Unlike Q3 2019, threat actors diminished the use of CVE-2017-11882 to enable further payloads, which typically involves a malicious Rich Text Format (RTF) or Excel Spreadsheet file that downloads or executes another malware such as Loki Bot or HawkEye Keylogger.

Globally, Command and Control (C2) servers for malware related to phishing campaigns stood fast, as the United States continued to account for a sizable portion at over 40%. The U.S. grew by 6% while Russia fell by 4% in total C2 distribution. Germany, France, and the UK trailed behind in malware delivery or command.

The full report can be found here:

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Niamh Muldoon
Niamh Muldoon , Senior Director of Trust and Security, EMEA
January 27, 2020 2:04 pm

20 year on in my career, I am still saying \”There is no one single bullet – Defence in Depth is the key\”. Apply controls to technologies, make sure security is included in business processes, and ensure the organisation has a good security culture. Applying a Defence in Depth (DiD) model to security within your organisation, with security controls in place within technologies, business processes and culture will begin to support reducing risk associated with new malware variants. Don\’t underestimate the value of security awareness programmes for keeping your employees conscious of new malware threats.

Last edited 3 years ago by Niamh Muldoon

Recent Posts

Would love your thoughts, please comment.x