Surge in deceptive simplicity exploitation by cyberattackers
The latest Global Threat Index for November 2023, published by cybersecurity solutions provider Check Point, reveals a surge in the use of deceptive simplicity by cyberattackers to bypass traditional defences. Researchers identified a worrying trend of AsyncRAT campaigns that use malicious HTML files to spread malware covertly; the report also records the return of the FakeUpdates malware to the top-ten list.
AsyncRAT, a remote access trojan (RAT) known for discreetly controlling computer systems from remote locations, uses a variety of file formats such as PowerShell and BAT to carry out process injection. In the recently discovered campaign, victims received an email containing an embedded link. Clicking the link triggered a malicious HTML file, which set off a chain of events that allowed the malware to evade detection by disguising itself as a trusted application.
The report also marked the resurgence of FakeUpdates, a JavaScript downloader, which returned to the top-ten list after a two-month absence. This sophisticated malware uses compromised websites to trick users into running counterfeit browser updates, opening the door to further compromise by other malware including GootLoader, Dridex, NetSupport, DoppelPaymer and AZORult.
According to Maya Horowitz, VP of Research at Check Point Software, November's emerging cyber threats clearly illustrate how threat actors leverage seemingly harmless methods to infiltrate networks. She emphasised that, "The rise of the AsyncRAT campaign and the resurgence of FakeUpdates highlight a trend where attackers use deceptive simplicity to bypass traditional defences. This underscores the need for organisations to adopt a layered security approach that doesn't just rely on recognising known threats, but also has the ability to identify, prevent and respond to new attack vectors before they inflict harm."
The Check Point report also disclosed the most prevalent malware families of the month. Formbook, an infostealer targeting Windows that harvests credentials from various web browsers, took the top spot with a global impact of 3%. FakeUpdates came second with a 2% global impact, while Remcos, another RAT, was third at 1% worldwide.
The research also showed that Command Injection Over HTTP was the most exploited vulnerability, with a global impact of 45%. It was followed by Web Servers Malicious URL Directory Traversal, which affected 42% of organisations worldwide, and Zyxel ZyWALL Command Injection, third with 41% global reach.
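As an added illustration, not part of the Check Point report or this article, the following Python heuristic flags the two web attack classes named above (command injection and directory traversal) in web-server access-log lines. The log lines are constructed, and the regular expressions and function names are assumptions for the example, not Check Point signatures. The point it shows beyond the text is that the payload is usually URL-encoded, sometimes twice, so the request must be decoded before any pattern is applied.

```python
"""Added example: flag requests that resemble the report's two most-exploited
web attack classes (command injection over HTTP, directory traversal) in
combined-format access logs. Heuristic only; expect false positives."""
import re
from urllib.parse import unquote

# Constructed Apache/nginx-style log lines for the example (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [12/Nov/2023:10:01:02 +0000] "GET /index.php?page=home HTTP/1.1" 200 512
203.0.113.9 - - [12/Nov/2023:10:01:07 +0000] "GET /cgi-bin/status?host=127.0.0.1;cat%20/etc/passwd HTTP/1.1" 200 910
198.51.100.2 - - [12/Nov/2023:10:01:09 +0000] "GET /static/../../../../etc/passwd HTTP/1.1" 404 233
198.51.100.7 - - [12/Nov/2023:10:01:15 +0000] "GET /download?file=..%2f..%2f..%2fetc%2fshadow HTTP/1.1" 403 120
203.0.113.5 - - [12/Nov/2023:10:02:20 +0000] "POST /api/ping?target=%60id%60 HTTP/1.1" 500 77
"""

# Combined log format: client IP, ident, user, [timestamp], "METHOD target PROTO", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" (?P<status>\d{3})'
)

# Shell separators and substitutions followed by something command-like.
CMD_INJ_RE = re.compile(r'(;|\|\||&&|\||`|\$\(|\$\{)\s*[A-Za-z/]')
# "../" or "..\" anywhere in the decoded request.
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')


def decode_fully(s, rounds=3):
    """URL-decode repeatedly so double encoding (%252e%252e%252f) is unwrapped."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def classify_target(target):
    """Return the set of attack-class labels matching one request target."""
    decoded = decode_fully(target)
    labels = set()
    if TRAVERSAL_RE.search(decoded):
        labels.add("directory_traversal")
    if CMD_INJ_RE.search(decoded):
        labels.add("command_injection")
    return labels


def scan_log(text):
    """Return [(ip, raw_target, sorted_labels)] for each suspicious log line."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        labels = classify_target(m.group("target"))
        if labels:
            hits.append((m.group("ip"), m.group("target"), sorted(labels)))
    return hits


if __name__ == "__main__":
    for ip, target, labels in scan_log(SAMPLE_LOG):
        print(f"{ip:<14} {', '.join(labels):<22} {target}")
```

The decoding step matters more than the patterns: the fourth and fifth sample lines carry their payloads only in percent-encoded form, so a matcher applied to the raw request would miss them. The patterns themselves are deliberately coarse (a legitimate query containing `|` will trigger them) and are meant as a starting point for triage, not as a substitute for vendor signatures.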
At the industry level, Education/Research remained the most attacked sector globally, followed by Communications and Government/Military. Among mobile threats, Anubis, an Android banking trojan, continued to top the chart, followed by AhMyth and SpinOk.