Macros big again with cybercriminals

Starting last fall, the use of attachments increased eight-fold, and that increase has persisted to this day, according to a new report

attachments paperclip
Thinkstock

Up to a year ago, most phishing emails were all about tricking users into clicking on malicious links that led to malware downloads. Starting last fall, however, the use of attachments increased eight-fold, and that increase has persisted to this day, according to a new report from Proofpoint.

Attachments were barely on the radar at the start of 2014, but began slowly picking up in the spring, with growth accelerating in the fall. By the end of the year, phishing emails were evenly divided between URLs and attachments. Then URL use declined at the start of this year, and the use of attachments continued to climb, to the point where they were outnumbering URLs four-to-one by April.

And the trend seems to be accelerating. According to Proofpoint, there were 56 different campaigns that used macros to deliver the Dridex Trojan, sometimes delivering several million malicious emails in a single day.

There were two reasons for this, according to Kevin Epstein, vice president, advanced security and governance at Proofpoint. Macro writers got better at evading security mechanisms, and drive-by downloads became harder to do.

To successfully deploy malware via a browser download, the criminals has to discover a bug in the browser and write code to take advantage of that bug.

"It's not cheap or easy to find these flaws," Epstein said.

To continue reading this article register now

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon