SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Advanced Persistent Threat Protection
#
Cybersecurity
#
EDR
Surge in deceptive simplicity exploitation by cyberattackers
Fri, 15th Dec 2023
Author image
By Shannon Williams, Journalist
Follow us

The latest Global Threat Index for November 2023, published by cybersecurity solutions provider Check Point, has revealed a surge in the use of deceptive simplicity by cyberattackers to bypass traditional defences. Researchers discovered a worrying trend of AsyncRAT campaigns using malicious HTML files to covertly spread malware, in addition, the report also recorded the return of the FakeUpdates malware to the top ten list.

AsyncRAT, a remote access trojan (RAT) known for discreetly controlling computer systems from remote locations, utilises various file formats such as PowerShell and BAT to carry out process injections. In the recently discovered campaign, victims received an email with an embedded link. Upon clicking the link, a malicious HTML file was triggered which then initiated a series of events allowing the malware to evade detection by disguising itself as a trusted application.

The report also marked the resurgence of FakeUpdates, a JavaScript downloader, which has returned to the top ten list after a break of two months. This sophisticated piece of malware deploys compromised websites to trick users into running counterfeit browser updates, further allowing for the compromise by other malwares including GootLoader, Dridex, NetSupport, DoppelPaymer, and AZORult.

According to Maya Horowitz, VP Research at Check Point Software, the emerging cyber threats of November clearly illustrate how threat actors are leveraging seemingly harmless methods to infiltrate networks. He emphasised that, "The rise of the AsyncRAT campaign and the resurgence of FakeUpdates highlight a trend where attackers use deceptive simplicity to bypass traditional defences. This underscores the need for organisations to adopt a layered security approach that doesn't just rely on recognising known threats, but also has the ability to identify, prevent and respond to new attack vectors before they inflict harm."

The Check Point report also disclosed the most rampant malware families of the month. Formbook, an infostealer targeting Windows OS which garners credentials from various web browsers, secured the top rank with a global impact of 3%. FakeUpdates came second with 2% global impact, while Remcos, another RAT, stood third with a 1% impact worldwide.

The research also evidenced that the command injection over HTTP was the most exploited vulnerability with a global impact of 45%. This was followed by web servers malicious URL directory traversal impacting 42% of organizations worldwide and Zyxel ZyWALL command injection coming in third with 41% global reach.

At an industry level, Education/Research continued to be the most attacked sector globally, succeeding by Communications and Government/Military respectively. Among mobile threats, Anubis, a banking trojan malware for Android phones, continued to top the charts followed by AhMyth and SpinOk.

Related stories
Smarttech247 & SentinelOne launch AI-powered cybersecurity for SMEs
GitHub's 2FA initiative helps secure software supply chain
Jason Haddix joins Flare as Field Chief Information Security Officer
AI tools linked to data exposure in 1 in 5 UK organisations
Trend Micro introduces AI-driven cyber risk management features
Top stories
Australian businesses fast-track Microsoft cloud adoption amid cyber threats
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity