Just when you thought it couldn’t get any worse, the cyber-criminals pile on more threats. More reason to train your staff on cyber-security and get your cyber-security in order before it’s too late.
Repost from FierceITSecurity …
The year 2015 saw the resurgence of macro malware hidden in seemingly legitimate Microsoft Office documents.
To trick recipients of emails with infected files, attackers use social engineering techniques, such as naming the file “invoice details” or “resume,” related security firm Bromium Labs in its Endpoint Exploitations Trends 2015 released on Thursday.
The malware is hidden in large repositories of visual basic, making it difficult to detect, the report explained.
“When you click on a malicious Word file, it will mostly drop something like Dridex. These are Trojans with capabilities of stealing your personal data … It also can drop additional malware that provides backdoor access to your computer,” Vadim Kotov, senior security researcher at Bromium, told FierceITSecurity.
In addition, Bromium Labs found that vulnerabilities and exploits targeting widely used software, such as Microsoft Internet Explorer and Office, Mozilla Firefox, Google Chrome, Adobe Flash, and Java increased markedly last year. In particular, Adobe Flash saw a 200 percent increase in exploits last year.
Ransomware is a growing problem, with the number of ransomware families increasing 600 percent since 2013.
Also the report found that malvertising is on the rise. “Many high-profile websites host ads that serve malware. Even if you visit a website like YouTube, which seems trustworthy, you still can get malware from it,” explained Kotov.
IT security pros need to be particularly concerned about the resurgence of macro malware, said Kotov. Employees at an average company are often “overwhelmed by a huge amount of email and they accidentally click on something like that. So it’s not really a matter of educating users anymore, anybody can be a victim of that,” he cautioned.
For more:
- read the original post
- read the full report [pdf]