SonicWall Cyber Threat Report – Risks from Kits and Macros

New Exploit Kits Emerging

With of various cyber-criminal gang
members, some exploit kits (EK) have emerged to
replace older variants. But even the new EKs still
utilize fairly old Internet Explorer and Adobe Flash
vulnerabilities. Like their predecessors, they are also
mainly distributed via “drive-by-download” and
malvertising campaigns.

Newer and more sophisticated EKs, however, use
file-less attacks instead of dropping traditional
payloads to the disk. Magnitude EK, Underminer EK
and Purplefox EK have been known to leverage
file-less payloads, many of which are ransomware.
As another example, router-based exploit kits can
alter a router’s DNS settings so that users are
redirected to phishing and other malicious
websites.

Macros enabling malicious activity

Each year, SonicWall sees an increase in the use of
document files as an initial vector for malware
infection. Whether in targeted attacks, widespread
infections or marketing-based spam campaigns,
Visual Basic for Applications (VBA) macros are
involved everywhere because of their versatility
and wide range of capabilities.

TrickBot, Ursnif, Emotet, Lokibot and Remcos are
some of the prevalent malware families that use a
malicious VBA macro for their distribution. Even
though the Microsoft Office installation process has
macros disabled by default, threat actors trick users
into enabling them by making use of social engineering
techniques.
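
A defensive triage check for the delivery method described above, added here as an example and not taken from SonicWall's report or this blog: it flags Office attachments that carry a VBA project before a user is ever asked to enable macros. The function names, the file names and the constructed sample package are assumptions made for illustration, and the legacy-format check is a byte-search heuristic rather than a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls/.ppt container
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppsm")

def triage_office_file(name, data):
    """Classify an attachment and report whether it carries a VBA project."""
    verdict = {"name": name, "container": "other", "has_vba": False, "findings": []}
    if data.startswith(OLE_MAGIC):
        verdict["container"] = "ole"
        # Heuristic: OLE stream names are UTF-16LE; a VBA project has a _VBA_PROJECT stream.
        if "_VBA_PROJECT".encode("utf-16-le") in data:
            verdict["has_vba"] = True
            verdict["findings"].append("OLE stream _VBA_PROJECT present")
        return verdict
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return verdict
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return verdict                       # a plain ZIP, not an Office package
        verdict["container"] = "ooxml"
        types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
    if vba_parts:
        verdict["has_vba"] = True
        verdict["findings"].append("VBA part: " + ", ".join(vba_parts))
    if "macroEnabled" in types:
        verdict["findings"].append("content type declares a macro-enabled document")
    if verdict["has_vba"] and not name.lower().endswith(MACRO_EXTS):
        verdict["findings"].append("macro project present but file extension does not declare macros")
    return verdict

def build_sample(with_vba):
    """Constructed sample: a minimal OOXML-shaped ZIP, optionally with a dummy VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"placeholder, not a real VBA project")
    return buf.getvalue()

if __name__ == "__main__":
    for fname, blob in [("invoice.docx", build_sample(True)), ("notes.docx", build_sample(False))]:
        print(triage_office_file(fname, blob))
```

A mail gateway or helpdesk script could quarantine or strip anything where `has_vba` is true, which removes the decision from the user the social engineering is aimed at.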


Blog content for the SonicWall Cyber Threat Report series provided by our partners at SonicWall.