The Week in Breach -Ransomware Isn’t the Only Malware Threat Companies Face


Ransomware Isn’t the Only Malware Threat Companies Face

Other Types of Malware Are Surging, Imperiling Businesses


While ransomware may get the bulk of the press attention when it comes to cybersecurity, it’s not the only malicious software game in town. Other types of malware can also cause businesses harm, and the chance that a company will come into contact with one of them, or fall victim to an infection, is higher than ever. Malware threats can arrive through a variety of sources, including SMS, social media and chat, but the most likely way that a company’s employees will come into contact with malware is through a phishing email, and that is not good news for businesses.


Malware Is a Growth Industry


Both phishing email volume and malware attack volume ballooned in 2021, with no end to that growth in sight. The UK Information Commissioner’s Office (ICO) recently announced that it recorded a staggering volume of email attacks in 2021, amounting to a 2,650% surge in phishing. ICO detailed that growth, noting that it counted 150,317 phishing attacks in January 2021, a figure that climbed to a startling 4,135,075 in December 2021. The bulk of those email attacks were spam, with a 2,775% increase in malicious spam noted between January and December 2021. Phishing messages made up the second-largest set, climbing 20% between January and December 2021 with a notable surge toward the end of the year.

But a hefty chunk of those phishing attacks contained malware. ICO recorded a 423% increase in malware attacks in 2021. The malware problem that companies face has been a steadily growing issue, with an 87% increase in malware infections recorded over the last decade. While a respectable amount of that increase can be chalked up to the rise of ransomware, other types of malware also played a role. Ten years ago, the number of detected malware types stood at 28.84 million. By 2020, that number had ballooned to nearly 678 million varieties, and the total is still rising.

What the Heck is Malware Anyway?


“Malware” is a term spawned from a mashup of “malicious software”. That’s what malware is: malicious software that enters an environment or machine and forces unwelcome changes to the way those things operate. Ransomware is a flavor of malware, but not all malware is ransomware. Malware generally falls into one of three formats, based on how the malicious software does its dirty work. While these three types do not categorize all malware, most of it fits in one of these boxes:

  • Trojans are the most common variety of malware that IT teams will encounter, accounting for more than 50% of all infections. This type of malware masquerades as harmless software and can initiate a variety of attacks on systems. Some trojans are aided by human action while others function without user intervention.
  • Viruses are the second most common species of malware, responsible for a little over 10% of total malware infections. Similar to a real-life virus, this type of malware attaches itself to benign files on a computer and then replicates, spreading itself and infecting other files.
  • Worms are another type of malware, behind about 10% of malware attacks. A worm is a standalone piece of malicious software that reproduces itself and spreads from computer to computer. Worms are designed to exploit operating system vulnerabilities.

What Are the Common Varieties of Malware to Watch Out for Right Now?


Malware is constantly evolving as it floats around, with certain strains going in and out of fashion based on their effectiveness. It’s pretty easy for cybercriminals to access malware cheaply or for free on the dark web, or to pay someone to spread it through a phishing campaign for them. That’s what major ransomware groups are doing with their affiliates: supplying a variety of malware, getting other people to run the operations for them and collecting a chunk of the profits from a successful hit. The growth of the cybercrime-as-a-service economy has greatly contributed to the staying power of malware strains like these:

Dridex 

Dridex is a variety of malware that concentrates on financial crimes. This banking malware targets the Windows platform. Dridex first appeared in 2012, and by 2015 it had become one of the most prevalent financial Trojans. Typically, Dridex is distributed through phishing emails containing malicious Word or Excel attachments. Its goal is to enable cybercriminals to invade computers and steal banking credentials and other personal information that can be used to facilitate money transfers. One common way that a Dridex attack happens is through persuading an employee to open an email attachment that is infected with Dridex malware. The attachment asks the recipient to take certain prompted, seemingly harmless actions like enabling macros. Those actions then download the malware and install it on the victim’s device. CISA says that the notorious cybercrime group Evil Corp, aka REvil, is the originator of Dridex malware.

Cybercriminals are using this malware right now, attaching it to emails that exploit people’s fears around the growth of the Omicron COVID-19 variant. In a currently active Dridex campaign, bad actors are sending their prospective victims phishing emails that are socially engineered to make them extremely appealing, using subject lines like “COVID-19 testing result”. Inside, the harmless-looking message informs the recipient that they are being notified that they were recently exposed to a coworker who tested positive for the Omicron COVID-19 variant. The recipient is instructed to open an Excel document to learn more. The email helpfully includes the relevant password-protected Excel attachment and the password needed to open the document – which of course is infected with Dridex malware.

Emotet 

Emotet is a sophisticated Trojan commonly functioning as a downloader or dropper of other malware. Like others of its type, Emotet is primarily spread via phishing email attachments and links that, once clicked, launch the payload. The US Cybersecurity and Infrastructure Security Agency (CISA) warns that Emotet is difficult to combat because of its “worm-like” features that enable network-wide infections and its use of modular Dynamic Link Libraries to continuously evolve and update its capabilities. This variety of malware is notorious and its use waxes and wanes. In January 2021, authorities in Europe were able to gain control of Emotet’s infrastructure, shutting it down.

But by December 2021, Emotet was ready to stage a comeback. Recently, researchers have warned that they’ve detected Emotet back on the scene operating through a new attack vector. This attack takes advantage of the fact that employees are constantly sending and handling Office 365 files. Cybercriminals capitalized on that by adding a few social engineering tweaks to make their Emotet-laden phishing messages seem like routine messages with routine attachments. In this scenario, victims receive an email containing an Excel file that includes a dangerous Excel 4.0 macro that when activated downloads and executes an HTML application. That application then downloads two stages of PowerShell to retrieve and deploy a poisonous payload: Emotet.
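The two campaigns above share a delivery pattern that a mail gateway can triage before a user ever sees the attachment: the Dridex lure ships a password-protected Excel file with the password in the email body (so scanners cannot look inside), and the Emotet lure ships a workbook carrying an Excel 4.0 macro sheet. The following Python script is an added example written for this page; it is not code from the newsletter or from any product it mentions. It assumes only the standard library and the documented OOXML layout (Excel 4.0 macro sheets under `xl/macrosheets/`, VBA in `xl/vbaProject.bin`, and password-protected Office files wrapped in an OLE2 container). All sample workbooks and the lure text are constructed in the script, not real malware.

```python
import io
import re
import zipfile

# Magic bytes of the two container formats Office attachments arrive in.
# OLE2 compound files hold legacy .xls/.doc files AND every password-protected
# Office document (the encrypted package is wrapped in an OLE container), so a
# protected .xlsx looks like an OLE file rather than a zip.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
ZIP_MAGIC = b"PK\x03\x04"

# Zip members inside an OOXML workbook that indicate executable content:
# Excel 4.0 (XLM) macro sheets live under xl/macrosheets/, VBA in xl/vbaProject.bin.
XLM_PREFIX = "xl/macrosheets/"
VBA_ENTRY = "xl/vbaProject.bin"

PASSWORD_HINT = re.compile(r"\bpassword\b", re.IGNORECASE)


def classify_attachment(data: bytes) -> dict:
    """Static triage of one attachment blob; returns {"verdict": ..., "reason": ...}."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary workbook or an encrypted OOXML file; either way the gateway
        # cannot see inside it, which is exactly why the lure password-protects it.
        return {"verdict": "quarantine",
                "reason": "OLE container (legacy or password-protected); not inspectable"}
    if not data.startswith(ZIP_MAGIC):
        return {"verdict": "allow", "reason": "not an Office container"}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return {"verdict": "quarantine", "reason": "malformed zip"}
    xlm_sheets = [n for n in names if n.startswith(XLM_PREFIX)]
    if xlm_sheets:
        return {"verdict": "block",
                "reason": "Excel 4.0 macro sheet(s): " + ", ".join(xlm_sheets)}
    if VBA_ENTRY in names:
        return {"verdict": "block", "reason": "VBA project present"}
    return {"verdict": "allow", "reason": "OOXML without macro content"}


def triage_message(body: str, attachments: dict) -> dict:
    """Combine per-attachment verdicts with the body-text tell from the Dridex lure:
    an uninspectable attachment whose password is supplied in the same message."""
    results = {name: classify_attachment(blob) for name, blob in attachments.items()}
    verdict = "allow"
    for name, r in results.items():
        if r["verdict"] == "quarantine" and PASSWORD_HINT.search(body):
            r = results[name] = {"verdict": "block",
                                 "reason": r["reason"] + "; password supplied in email body"}
        if r["verdict"] == "block":
            verdict = "block"
        elif r["verdict"] == "quarantine" and verdict != "block":
            verdict = "quarantine"
    return {"verdict": verdict, "attachments": results}


def build_ooxml(entries: dict) -> bytes:
    """Constructed stand-in for a saved workbook: a zip with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples (not real malware); member names mirror what Excel writes.
BASE = {"[Content_Types].xml": "<Types/>", "xl/workbook.xml": "<workbook/>"}
SAMPLE_CLEAN = build_ooxml({**BASE, "xl/worksheets/sheet1.xml": "<worksheet/>"})
SAMPLE_XLM = build_ooxml({**BASE, "xl/worksheets/sheet1.xml": "<worksheet/>",
                          "xl/macrosheets/sheet1.xml": "<macrosheet/>"})
SAMPLE_VBA = build_ooxml({**BASE, "xl/vbaProject.bin": b"\x00" * 16})
SAMPLE_ENCRYPTED = OLE_MAGIC + b"\x00" * 504  # header only; stands in for a protected file

# Constructed lure text modelled on the campaign described above.
LURE_BODY = ("You were recently exposed to a coworker who tested positive. "
             "Open the attached document for details. Password: 1234")

if __name__ == "__main__":
    for label, blob in [("clean", SAMPLE_CLEAN), ("xlm", SAMPLE_XLM),
                        ("vba", SAMPLE_VBA), ("encrypted", SAMPLE_ENCRYPTED)]:
        print(label, classify_attachment(blob))
    print(triage_message(LURE_BODY, {"result.xlsx": SAMPLE_ENCRYPTED}))
```

The point of the two-tier verdict is that an uninspectable attachment is not by itself proof of malice (plenty of legitimate documents are password-protected), but an uninspectable attachment plus its password in the same email is the exact shape of the Dridex lure and can be blocked outright, while any workbook with an `xl/macrosheets/` member is blocked regardless of the body, since Excel 4.0 macros have no place in routine business attachments.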

Cybercriminals have been quick to evolve old strains of malware or develop new ones to do their dirty work. Revenue in the malware industry has been steadily growing and is expected to reach 8 billion US dollars by 2025. An enormous rise in email volume has also played a role in making malware a go-to attack for bad actors. Over 92% of all malware is delivered by email, giving the bad guys plenty of opportunities to get their malicious messages into inboxes. Add to that the dependence that companies have on email and chat in the remote work era, and businesses are looking at a recipe for disaster.


Reduce Your Company’s Risk for Malware Attacks Affordably


If you’re looking for a solution to combat malware risk without breaking the bank, security awareness training is a perfect match. Not only does security awareness training reduce a company’s chance of experiencing a damaging cybersecurity incident by up to 70%, it also reduces a company’s cost for dealing with phishing by an estimated 50%, saving your company money immediately and in the future.

Dark Web ID’s Top Threats This Week


San Francisco 49ers

https://abcnews.go.com/Sports/wireStory/ransomware-gang-hacked-49ers-football-team-82865844

Exploit: Ransomware

San Francisco 49ers: National Football League (NFL) Team


Risk to Business: 1.727 = Severe

While everyone was focused on the big game last week, cybercriminals were focused on the San Francisco 49ers. The team was hit by a ransomware attack, purportedly by BlackByte. The cybercriminals claim they stole some of the football team’s financial data, invoices and other internal documents. The team stressed the fact that this event appeared to be limited to their corporate network and did not endanger any fan or stadium databases.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Organizations in industries that have had historically poor security are attractive low-hanging fruit for cybercriminals.

IntegraMSP to the Rescue: Get an in-depth look at how ransomware is evolving and who profits from it in our hit eBook Ransomware Exposed. GET THIS EBOOK>>


EasyVote Solutions

https://www.govtech.com/security/georgia-voter-info-posted-online-after-software-company-breach

Exploit: Misconfiguration

EasyVote Solutions: Voting Software Company


Risk to Business: 1.561 = Severe

EasyVote Solutions has exposed some voter and poll worker data. The data was left unguarded and easily accessible on the internet. The software company says that exposed information does not include full voting records or registrations. The breach was discovered by South Carolina Law Enforcement Division (SLED) internet researchers. SLED and the FBI are investigating.


Individual Risk: 1.772 = Severe

Exposed data for voters can include names, addresses, races and dates of birth. Exposed data for poll workers may include those details plus identity documents, Social Security numbers and financial data.

Customers Impacted: 3,000 so far

How It Could Affect Your Business: Misconfiguration and sloppy security aren’t uncommon mistakes, but they’re always a problem and could be an expensive regulatory disaster in some industries.

IntegraMSP to the Rescue: Share The Computer Security To-Do List with your clients to help them find vulnerabilities and you’ll start profitable conversations! DOWNLOAD IT>>


Meter

https://www.zdnet.com/article/4-4-million-stolen-in-attack-on-blockchain-infrastructure-meter/

Exploit: Hacking

Meter: DeFi Platform


Risk to Business: 1.279 = Extreme

Another day, another DeFi hack. This time the victim was blockchain infrastructure company Meter. $4.4 million was stolen during a cyberattack on the Meter Passport platform in the form of 1391 ETH and 2.74 BTC. The incident also impacted Meter’s Moonriver Network. The company acknowledged the hack on Saturday, urging users not to trade unbacked meterBNB circulating on Moonriver. The company says that it plans to repay some investors and the incident is under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

Customers Impacted: Unknown

How It Could Affect Your Business: DeFi continues to be a hotbed of hacking activity as cybercriminals seek quick scores of cryptocurrency, and there’s still no end to the danger in sight.

IntegraMSP to the Rescue: Building cyber resilience helps insulate organizations from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>>


Memorial Hermann Health System

https://www.khou.com/article/news/local/memorial-hermann-cyberattack-security-breach/285-1cc8295d-48a4-452e-a6f2-1b4fd059f201

Exploit: Third-Party Breach

Memorial Hermann Health System: Healthcare Provider


Risk to Business: 1.861 = Severe

Memorial Hermann Health System is notifying patients that their data has been exposed after a data security incident at one of its service providers, Advent Health Partners. That company has been investigating unauthorized activity on company email accounts related to Memorial Hermann data. The incident was first spotted in September 2021.


Individual Risk: 1.712 = Severe

An unauthorized third party accessed multiple files containing Memorial Hermann patients’ protected health information (PHI) that may include first names, last names, dates of birth, Social Security numbers, driver’s license numbers, financial information, health insurance information and treatment information.

Customers Impacted: 6,260

How It Could Affect Your Business: Cybercriminals are poised to attack any company that handles or stores large amounts of valuable personal or health-related data.

IntegraMSP to the Rescue: Cybersecurity horrors lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.