Avast researchers discover new zero-day exploits, and changes in attack vectors since Microsoft Office macros have been blocked
PRAGUE, Aug. 10, 2022 /PRNewswire/ -- Avast (LSE: AVST), a global
leader in digital security and privacy, released its Q2/2022 Threat
Report today, revealing a significant increase in global ransomware
attacks, up 24% from Q1/2022. Researchers also uncovered a new
zero-day exploit in Chrome, as well as signals of how cybercriminals
are preparing to move away from macros as an infection vector.
Ransomware attacks increase
After months of decline, global ransomware attacks increased
significantly in Q2/2022, up 24% from the previous quarter. The
highest quarter-on-quarter increases in ransomware risk ratio
occurred in Argentina (+56%), UK (+55%), Brazil (+50%),
France (+42%), and India (+37%).
"Consumers, but especially businesses, should be on guard and
prepared for encounters with ransomware, as the threat is not going
anywhere anytime soon," explains Jakub Kroustek, Avast Malware
Research Director. "The decline in ransomware attacks we observed
in Q4/2021 and Q1/2022 was thanks to law enforcement agencies
busting ransomware group members, and caused by the war in
Ukraine, which also led to disagreements within the Conti
ransomware group, halting their operations. Things dramatically
changed in Q2/2022. Conti members
have now branched off to create new ransomware groups, like Black
Basta and Karakurt, or may join other existing groups, like Hive,
BlackCat, or Quantum, causing an uptick in activity."
Zero-day exploits
Avast researchers discovered two new zero-day exploits used by
Israeli spyware vendor Candiru to target journalists in Lebanon,
among others. The first was a bug in WebRTC, which was exploited to
attack Google Chrome users in highly targeted watering hole attacks,
but also affected many other browsers. Another exploit allowed the
attackers to escape a sandbox they landed in after exploiting the
first zero-day. The second zero-day Avast discovered was exploited to
get into the Windows kernel.
Another zero-day described in the report is Follina, a remote
code execution bug in Microsoft Office, which was widely exploited
by attackers ranging from cybercriminals to Russia-linked APT groups
operating in Ukraine. The zero-day was also abused by
Gadolinium/APT40, a known Chinese APT group, in an attack
against targets in Palau.
Macros blocked by default
Microsoft is now blocking VBA macros by default in Office
applications. Macros have been a popular infection vector for
decades. They were used by threats described in the Q2/2022 Threat
Report, including remote access trojans like Nerbian RAT, a new RAT
written in Go that emerged in Q2/2022, and by the Confucius APT
group to drop further malware onto victims' computers.
"We have already noticed threat actors beginning to prepare
alternative infection vectors, now that macros are being blocked by
default. For example, IcedID and Emotet have already started using
LNK files, ISO or IMG images, and other tricks supported on the
Windows platform as an alternative to maldocs to spread their
campaigns," continued Jakub Kroustek. "While cybercriminals will
surely continue to find other ways of getting their malware onto
people's computers, we are hopeful that Microsoft's decision will
help make the internet a safer place."
The full Avast Q2/2022 Threat Report can be found here:
https://decoded.avast.io/threatresearch/avast-q2-2022-threat-report/
About Avast:
Avast (LSE: AVST), a FTSE 100 company, is a global leader in
digital security and privacy, headquartered in Prague, Czech Republic. With over 435 million
users online, Avast offers products under the Avast and AVG brands
that protect people from threats on the internet and the evolving
IoT threat landscape. The company's threat detection network is
among the most advanced in the world, using machine learning and
artificial intelligence technologies to detect and stop threats in
real time. Avast digital security products for Mobile, PC or Mac
are top-ranked and certified by VB100, AV-Comparatives, AV-Test, SE
Labs and others. Avast is a member of Coalition Against
Stalkerware, No More Ransom, and the Internet Watch Foundation.
Visit: www.avast.com.
Keep in touch with Avast:
- For security and privacy insights, visit the Avast blog:
https://blog.avast.com/
- For in-depth technical analysis of threats, visit the Avast
Decoded blog: https://decoded.avast.io/
- For handy guides, advice and tips, visit Avast Academy:
https://www.avast.com/c-academy
- For more information about Avast visit:
https://www.avast.com/en-gb/about and
https://www.avast.com/company-faqs
- Follow us on Twitter: @Avast
- Join our LinkedIn community:
https://www.linkedin.com/company/avast
- Visit our Facebook group: www.facebook.com/avast
Contact: PR@avast.com
View original content to download multimedia:
https://www.prnewswire.com/news-releases/q22022-threat-report-ransomware-on-the-rise-301603500.html
SOURCE Avast Software, Inc.