A recent report by Cofense shows that in the third quarter of this year, the most common technique for distributing malware via phishing campaigns was the exploitation of CVE-2017-11882, a critical flaw in Microsoft Office that was patched in 2017 but has been around for almost two decades. Attackers embed the malware in Office attachments. If a recipient opens the attachment, the malicious code is executed, which usually leads to additional malware being installed on the target system.
Another noticeable trend in Q3 was the decrease in ransomware-as-a-service (RaaS), mostly as a result of the GandCrab RaaS operation shutting down and attackers increasingly switching to more targeted campaigns. Sodinokibi has emerged as a potential successor to GandCrab, but has so far been used in far fewer campaigns than GandCrab in its heyday. Mollie MacDougall of Cofense believes that “the decline of RaaS may continue, but we definitely expect more targeted ransomware campaigns to continue and likely increase.”
Read more: Microsoft Office Bug Remains Top Malware Delivery Vector