Johannesburg, 02 Mar 2020
While the fourth quarter of 2019 saw a decrease in total malware volume, a key global trend also unfolding within the period was the use of macro-enabled documents for malware delivery.
This is according to Cofense, the leading provider of intelligent phishing defence solutions, which recently released its Q4 2019 Malware Trends Report, giving insight into the malware families, delivery methods and campaigns that were prominent globally during the past quarter. Cofense is distributed throughout sub-Saharan Africa by value-added distributor Networks Unlimited Africa.
Stefan van de Giessen, General Manager: Cybersecurity at Networks Unlimited Africa, notes: “The intention of a macro is to assist with automating repetitive tasks. Macros can be found in Microsoft Office documents such as Word, Excel and PowerPoint, containing embedded code written in a programming language known as Visual Basic for Applications (VBA).
“However, threat actors can write VBA code to create macros that do harmful things and are embedded in documents that are then distributed online. Despite awareness and security efforts, macro-enabled documents continue to find their way into users’ inboxes. These documents are an initial intrusion vector for several malware families, such as the Emotet Trojan. Few companies can completely disable macros, as they provide a valuable function in many environments.”
Emotet is a banking Trojan and botnet that distributes malicious e-mails to harvest financial information by injecting computer code into the networking stack of an infected Microsoft Windows computer, allowing sensitive data to be stolen via transmission. Source: Wikipedia
The Cofense Report notes the prominence of Emotet in the last quarter of 2019, continuing a rise from Q3’s reporting, and with this, a corresponding sharp rise from the third quarter in macro-enabled documents as a malware delivery mechanism.
Emotet’s disguises in distributing malicious e-mails during Q4 2019 included the delivery of fake financial invoices and invitations to a Christmas party, as well as other phishing bait. The Cofense report notes that other malware families were not as prolific, decreasing in volume as the quarter went on.
“As the report notes, Emotet is one of a number of threats currently facing organisations,” comments Van de Giessen, “and so it is imperative to understand the current phishing landscape, as well as its future evolutions, to help organisations protect themselves from security breaches.”
According to the Cofense report, Emotet is likely to continue its infections into 2020, also noting: “On the malware front, Windows 7’s end-of-life will probably lead to the creation of new malware and look for targeted ransomware to continue growing. 2020’s election season may bring about more phishing, while geopolitical events can result in more cyber threats.”
The report also fingered the information stealer, Loki Bot, which took the top spot as the most prevalent non-Emotet malware, with the Agent Tesla keylogger in second place. It is possible that less-experienced threat actors have preferred Loki Bot over its competition because of its easy deployment and low maintenance, enabling more distribution with less effort. “This report is another example of the invaluable information that comes from Cofense Intelligence, as well as the range of factual data that it is able to provide,” comments Van de Giessen, “and underscores the increasingly sophisticated world of threat actors.
“This all goes to emphasise, once again, that technology alone is not enough when we try to assist both individuals and organisations to fight against cyber crime. The consistent ethos behind Cofense’s solutions is to unite people with technology, offering human-focused phishing defence solutions which enable people to identify, report, and mitigate such threats as spear phishing and malware,” he concludes.
You can access the full Cofense Q4 2019 Malware Trends Report here and listen to Cofense’s Webinar on Q4 Malware Trends at: https://www.brighttalk.com/webcast/10219/384300
To learn more about Cofense’s phishing incident solutions, please visit: https://networksunlimited.africa/products/security/cofense
Share
Cofense
Cofense, the leading provider of intelligent phishing defence solutions worldwide, is uniting humanity against phishing. The Cofense suite of products combines timely attack intelligence sourced from employees, with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organisations in defence, energy, financial services, health care and manufacturing sectors that understand how changing user behaviour will improve security, aid incident response and reduce the risk of compromise.
Networks Unlimited Africa
Networks Unlimited Africa is a value-added distributor, offering the best and latest solutions within the converged technology, data centre, networking, and security landscapes. The company distributes best-of-breed products, including Altaro, Attivo Networks, Carbon Black, Cofense, Fortinet, F5, Hitachi Vantara, Indegy, Mellanox Technologies, NETSCOUT, ProLabs, RSA, Rubrik, SevOne, Silver Peak, Tintri by DDN and Uplogix. Our product portfolio provides cutting edge solutions from the network edge to the data centre, and addresses key areas such as cybersecurity in the IT/OT space, hybrid cloud, datacentre and infrastructure, networking and integration, SD-WAN solutions, network performance management and application performance management, application delivery networking and load balancing, DataOps management and data management, and backup and recovery solutions. Most of our solutions are highly regarded by Gartner and will be found on their respective magic quadrants. Since its formation in 1994, Networks Unlimited Africa has continually adapted to today's progressively competitive and evolving marketplace, and has reaped the benefits by being a leading value-added distributor (VAD) within the Sub-Saharan Africa market.