Welcome to the Q4 2021 edition of the HP Wolf Security Threat Insights Report. The report reviews notable malware isolated by HP Wolf Security in the fourth quarter of 2021, so that security teams can better understand the threat landscape and defend their environments. Highlights from this report include:
- A near-sixfold surge in attackers using Excel add-ins (.XLL) to infect systems, and how an increasing number of malware families are being distributed using this technique. We expect this trend to continue throughout 2022, but it remains to be seen whether Excel add-ins will displace battle-hardened execution techniques like Office macros.
- How Aggah, a financially motivated threat group, targeted South Korean organizations with malicious PowerPoint add-ins (.PPA) to deliver remote access Trojans to businesses.
- How a fake Discord website hosting malware posed as the popular chat application’s installer, tricking users into infecting their PCs with RedLine, an information stealer.
- The return of Emotet and its change in tactics, techniques and procedures (TTPs).
- The top exploited vulnerabilities and file types isolated by HP Sure Click in Q4.