Evolving malware continues to pose threats to business, and new research has revealed a rise in the use of document-based malware since the start of 2019.
According to the newest Threat Spotlight from Barracuda Networks, researchers analyzed emails and identified more than 300,000 unique malicious documents, representing 48% of all malicious files detected in the last 12 months. The frequency of document-based malware rose dramatically in the first quarter of 2019, with 59% of all malicious files coming from documents.
“For the past couple of years, script files were a very popular attack method. The percentage of these sorts of files declined drastically, however, and was a significant source of the increase of documents as an infection method,” said Jonathan Tanner, senior security researcher at Barracuda Networks.
Although documents are good for targeted attacks, the document-based malware analyzed was all used in phishing campaigns. However, Tanner said documents are used in targeted attacks as well, since as a file type they are less suspicious and more common in clean emails than other file types that could contain malware.
“Documents are a natural evolution from script files, since the languages used are also the ones used for documents – namely VBScript and JavaScript (which was often just called VBScript). The same attacks could be converted to document-based ones with only slight modifications. The script authors had already become very adept at obfuscation techniques, so these could contribute greatly to document-based malware where scripting is already more common and thus deeper inspection of the script itself is required.”
Though researchers have long been able to detect and stop malware strains using signature-based methodology, they are increasingly seeing a need for an indicator-based detection process that uses the common cyber kill chain model to determine what makes something malicious, according to the report.