Cyber-crime economy triggers rise in malicious macros

Proofpoint has released The Cybercrime Economics of Malicious Macros report. The report exposes the economical and technical leaders behind the recent worldwide surge of malicious macros. It highlights how cyber-criminals have returned to inexpensive macros in order to reach more targets, resulting in a greater return on their financial investment. The high success rates and cost-effective malicious macros have quickly and considerably altered the scene of email-borne threats.

Six key findings from the report include:

· Campaigns strongly rely on the human factor. Deceptively simple and flexible malicious macros, which have replaced URL-based threats with attachment-based campaigns as the dominant threat, are rooted in their ability to use phishing techniques to exploit the human factor and trick an end user into clicking.

· Macros campaigns are increasingly sophisticated and evade many modern detection tactics including sandboxes. Today's macros campaigns are highly successful at evading not only traditional signature and reputation-based defences, but also newer behavioural sandboxes.

· Effectiveness is a primary driver. The high success rates and cost-effectiveness of increasingly sophisticated malicious macros have driven the shift in malware-based email attacks.

· Malicious macro attachment campaigns have grown in size and frequency. Proofpoint expects malicious macros campaigns will continue to grow until either the cost increases or effectiveness decreases to the point that significant ROI is no longer delivered.

· Sophisticated actors lead the campaigns. Although malicious macros offer a low barrier to entry for attackers, the predominant campaigns are still driving malware. Only the most sophisticated attackers have the expertise to successfully use these campaigns.

· Lower cost and high accessibility promote attacker success. The budget for a malicious document (or “maldoc”) campaign can range from zero to $1,000 (£634). Also, attachment-based unsolicited email campaigns may exceed exploit kits (EKs) in popularity. While a range of spamming services is available, most EK services are sold in private circles and are not readily available to entry- to mid-level criminals.

Organisations can never underestimate the human factor—employees will almost always click. They must deploy an advanced malware protection strategy including threat intelligence and targeted attack protection to curtail opportunities for end user interaction with phishing messages before employees can click.