Emotet rockets to the top of the malware charts in Q1
The latest Threat Insights Report from HP Wolf Security shows a 27-fold increase in detections resulting from Emotet malicious spam campaigns in the first quarter of 2022.
Based on findings from millions of endpoints running HP Wolf Security, this makes Emotet the most seen malware family in the period accounting for nine percent of all malware captured.
"Our Q1 data shows this is by far the most activity we've seen from Emotet since the group was disrupted early in 2021 -- a clear signal its operators are regrouping, building back their strength and investing in growing the botnet. Emotet was once described by CISA as among the most destructive and costly malware to remediate and its operators often collaborate with ransomware groups, a pattern we can expect to continue. So their reemergence is bad news for businesses and public sector alike," says Alex Holland, senior malware analyst at the HP Wolf Security threat research team. "Emotet also continued to favor macro-enabled attacks – perhaps to get attacks in before Microsoft’s April deadline, or simply because people still have macros enabled and can be tricked into clicking on the wrong thing."
As Macros in Office documents start to be phased out, HP has also seen a rise in attacks using non-Office-based formats, including malicious Java Archive files (+476 percent) and JavaScript files (+42 percent) compared to the last quarter. Such attacks are harder for organizations to defend against because detection rates for these file types are often low, increasing the chance of infection.
Among other findings nine percent of threats hadn't been seen before at the time they were isolated, with 14 percent of email malware isolated having bypassed at least one email gateway scanner.
Threats used 545 different malware families in their attempts to infect organizations, with Emotet, AgentTesla and Nemucod being the top three. The report shows 45 percent of malware isolated by HP Wolf Security used Office file formats, with the most common attachments used to deliver malware being spreadsheets (33 percent), executables and scripts (29 percent), archives (22 percent), and documents (11 percent).
The full report is available from the HP Wolf site.