HP Threat Research Blog HP Wolf Security Threat Insights Report Q4 2022

March 16, 2023 | Category: Threat Insights Reports | By: HP Wolf Security


Welcome to the Q4 2022 edition of the HP Wolf Security Threat Insights Report. In the report, we review notable malware campaigns, trends and techniques identified from HP Wolf Security’s customer telemetry in calendar Q4 2022.

Key Findings

  • For the third quarter in a row, archives were the most popular file type for delivering malware (42%). Archive malware has risen 20% since Q1 2022 as attackers shift away from Office file formats to alternatives that do not rely on macros, such as disk image files (IMG, ISO). Malware stored inside IMG files saw a 31% rise in Q4 compared to the previous quarter. Archives are attractive to threat actors because they are easily encrypted, which makes it difficult for web proxies, sandboxes and email scanners to detect the malware inside them. Many organizations use encrypted archives for legitimate reasons, making it challenging to reject encrypted archive email attachments by policy.
  • Threat actors are experimenting with QR codes in their lures to steal credit and debit card details from victims, for example, masquerading as parcel delivery companies seeking payment. In this type of attack, targets are more likely to access malicious websites from their mobile phones, which may lack protection against phishing.
  • Attackers are bypassing perimeter network security controls, such as email gateway scanners, by embedding malicious links in PDF files. HP Wolf Security detected a 38% rise in PDF malware in Q4 compared to the previous quarter. 13% of email threats identified by HP Wolf Security had bypassed one or more email gateway scanners, highlighting the limitations of relying on detection-based security controls. HTML threats, including HTML smuggling, also grew by 44% in Q4 to become the 15th most popular malware format (up two places from 17th in Q3).
  • Q4 saw a surge of attackers imitating popular software projects to trick users into infecting their PCs with malware. The attacks rely on users clicking on search engine adverts leading to malicious websites that look almost identical to legitimate websites. In Q4, HP threat research identified 24 software projects imitated in malvertising campaigns that were used to spread eight malware families.

Read the Report

Download the report: HP Wolf Security Threat Insights Report Q4 2022


Read all HP Wolf Security Threat Insights Reports

You can download and read our previous reports here.
