
    What Can We Learn from VirusTotal Malware Trends Report 2023

    By BUFFERZONE Team, 27/07/2023

    Target: Consumers

    Tags: Content Disarm and Reconstruction (CDR), Malware, Isolation, Safe Workspace™, Zero-Trust

    Several interesting trends were highlighted in the recent VirusTotal Malware Trends Report for July 2023. The report notes a marked increase in the number of malicious files attached to emails from March to April 2023 [1]. The growing use of popular formats such as OneNote and JavaScript, alongside HTML, for malicious purposes is an emerging concern.

    One trend in this landscape has been the spike in suspicious PDF files linked to malicious campaigns over the past two years. These PDF files serve different purposes, such as exploiting vulnerabilities or phishing, with the latter being more common [1]. In 2023, however, OneNote emerged as a popular format for distributing malware through email attachments. It became the fastest-growing format for malicious attachments that year, marking a significant shift in cybercriminal tactics [1].

    A common technique with malicious OneNote files is to embed a malicious file (VBA, HTML with JavaScript, PowerShell, or a combination of these) and then persuade the victim to enable its execution. Security vendors have made strides in their detection capabilities for this format, with antivirus detection improving significantly after the first half of February 2023 [1].
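    The detection-side counterpart to the technique above, as an added example that is not part of the original post or of BUFFERZONE's product code: a small scanner that walks a OneNote (.one) byte blob, locates each embedded-file object (the FileDataStoreObject structure, whose header and footer GUIDs are assumed here from the public MS-ONESTORE specification), and labels the embedded payload by its magic bytes so that executable or HTML/script content hidden behind a "click to open" image can be flagged before a user is persuaded to run it. The sample .one bytes are constructed inline with inert stub payloads.

```python
import struct
import uuid
# FileDataStoreObject header/footer GUIDs from the MS-ONESTORE spec, little-endian on disk
# (assumed from the public spec; they are not quoted in the blog post).
FDSO_HEADER = uuid.UUID("{BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}").bytes_le
FDSO_FOOTER = uuid.UUID("{71FBA722-0F79-4A0B-BB13-899256426B24}").bytes_le
HEADER_SIZE = 16 + 8 + 4 + 8  # guidHeader + cbLength + unused + reserved

# (magic, label, case-insensitive match?) -- text formats are matched case-insensitively.
SIGNATURES = [
    (b"MZ", "PE executable", False),
    (b"\xd0\xcf\x11\xe0", "OLE compound file", False),  # legacy Office doc, may carry VBA
    (b"PK\x03\x04", "ZIP container", False),
    (b"<!DOCTYPE", "HTML", True),
    (b"<html", "HTML", True),
    (b"<script", "HTML/JavaScript", True),
    (b"\x89PNG", "image", False),
]

def extract_embedded_files(data: bytes) -> list:
    """Return one record per FileDataStoreObject found in a .one byte blob."""
    records, pos = [], 0
    while (idx := data.find(FDSO_HEADER, pos)) >= 0 and idx + HEADER_SIZE <= len(data):
        (length,) = struct.unpack_from("<Q", data, idx + 16)  # cbLength, 8 bytes
        start, end = idx + HEADER_SIZE, idx + HEADER_SIZE + length
        records.append({"offset": idx, "length": length, "payload": data[start:end],
                        "footer_ok": data[end:end + 16] == FDSO_FOOTER})  # False if truncated
        pos = max(end, idx + 1)
    return records

def classify(payload: bytes) -> str:
    head = payload.lstrip()[:16]
    for magic, label, ci in SIGNATURES:
        probe = head[:len(magic)]
        if probe == magic or (ci and probe.lower() == magic.lower()):
            return label
    return "unknown"

def suspicious_embeds(data: bytes) -> list:
    """Labels of embedded objects that are executable content rather than images."""
    labels = [classify(r["payload"]) for r in extract_embedded_files(data)]
    return [lbl for lbl in labels if lbl not in ("image", "unknown")]

def _fdso(payload: bytes) -> bytes:  # wrap a payload as a FileDataStoreObject
    return FDSO_HEADER + struct.pack("<Q", len(payload)) + b"\0" * 12 + payload + FDSO_FOOTER

# Constructed sample: a PNG stub, an HTML page and a PE stub (inert bytes, not real malware).
SAMPLE_ONE = (b"\0" * 32 + _fdso(b"\x89PNG\r\n\x1a\n" + b"\0" * 8)
              + b"\0" * 8 + _fdso(b"<html><script>/* stub */</script></html>")
              + _fdso(b"MZ\x90\x00" + b"\0" * 12))
```

    A failed footer check marks an object whose declared length runs past the end of the data, which is worth flagging on its own since a well-formed file always closes each object with the footer GUID.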

    Another prominent trend has been the increased use of JavaScript distributed alongside HTML in sophisticated phishing attacks. These attacks are designed to steal victims’ credentials. In light of these trends, traditional formats like Excel, RTF, CAB, compressed formats, and Word have declined in popularity as malicious attachments [1].

    It’s important to mention that ISO files are emerging as a flexible alternative for both widespread and targeted attacks; their heavy compression makes them difficult for some security solutions to scan. These ISO files are often disguised as legitimate installation packages for various software, making them a challenging threat.

    The malware landscape in 2023 has seen the rise of unconventional methods for malware delivery, mainly through OneNote and JavaScript attachments, while traditional formats are becoming less popular. Security practitioners should take note of these trends and adjust their defensive strategies accordingly. We at BUFFERZONE® believe in application isolation and Content Disarm and Reconstruction (CDR).

    BUFFERZONE® Safe Workspace™

    BUFFERZONE Safe Workspace™ is a suite of prevention capabilities based on application isolation technology that includes Safe Browsing, SafeBridge® (Content Disarm and Reconstruction capabilities), and Safe Removable (USB attack prevention), all combined with clipboard security. The Safe Workspace™ virtual container is created by a kernel driver, which virtually separates the operating system into two logical zones. The first zone is the trusted zone, which is connected to all the organization’s networks and the operating system’s files. The second zone is the untrusted zone, which acts as a buffer where applications run isolated from the trusted zone’s memory, files, registry, and processes. This method offers advantages such as a low CPU and memory footprint, a high quality of experience, and the ability to work seamlessly inside the virtual container without noticing that you are protected from browsing and USB threats. BUFFERZONE® is the only virtual containment solution based on six patented technologies.

    By using an advanced isolation solution, the organization’s content is secure. Downloaded attachments are isolated, while antivirus and EDR (Endpoint Detection and Response) solutions can always scan the untrusted virtual zone. The virtual environment can be cleaned in one click, eliminating malicious traces. Ransomware will not be able to run and attack the endpoint. BUFFERZONE CDR technology prevents evasive file-based malware attacks such as OneNote [2].

    References

    [1] Vicente Díaz, VirusTotal Malware Trends Report: Emerging Formats and Delivery Techniques, https://blog.virustotal.com/2023/07/virustotal-malware-trends-report.html

    [2] BUFFERZONE Security, OneNote Malware Attack Prevention Using Content Disarm and Reconstruction, https://bufferzonesecurity.com/onenote-malware-attack-prevention-using-content-disarm-and-reconstruction/