Threat Hub

Your home for the latest threat research
and insights, drawn from one of the most comprehensive data sets in cybersecurity.
Updated every Wednesday.

Weekly Brief

New tricks from a prolific threat actor. Why small macros can mean big trouble. And 9 out of 10 Americans are concerned about the impact of cyber attacks.

This week on The Threat Hub: the cyber criminal group TA505 has been on our radar since 2014. Famous as trailblazers with an ever-evolving set of techniques and tactics, the group has distributed a wide range of malware over the years, including Dridex, Locky and The Trick. Now TA505 is back with an escalating set of campaigns and some new loaders up its sleeve. In the latest Threat Insight blog, our researchers describe the similarities and differences to previous campaigns, break down the group’s new tool set, and provide a list of IOCs.

Following on from last week’s announcement that Microsoft will soon disable Excel 4.0 macros, we spoke to Senior Threat Researcher Daniel Blackford about the past and present of this popular attack vector. Microsoft’s plans don’t affect the newer VBS-type macros, so malicious Office documents are likely to remain a common malware delivery mechanism. Essential reading for anyone who’s ever been tempted to click the "Enable Content" button on an unfamiliar file.

And on this week’s Five-Minute Forecast, the U.S. Treasury tracks a decade of ransomware payments, Google reports state-sponsored threats on the rise, and Crista Giering from the Proofpoint Threat Research team talks TA505.

Insights Chart of the Week
VBS vs. XL4 Macros Relative Volume
Back to the Future with XL4

Excel 4.0 macros have been around for almost thirty years. In 2020, cyber criminals returned to the format to distribute malware, possibly as a result of the newer VBS macros being more easily scanned by automated security systems. Microsoft recently announced plans to disable the older XL4 format by default.

Equip your team with threat intelligence

Threat Insight
BEC Taxonomy: Extortion
Blog Post
TA544 Targets Italian Organizations with Ursnif Malware
2021 User Cybersecurity Risk Report

Go Deeper with our Premium Threat Info Service

Connect with threat analysts, understand threats with intelligence specific to your situation, and gain 24/7 visibility into the latest threat discoveries.

Threat Report
The Human Factor 2021

Dive deep into how an extraordinary year has changed the threat landscape—and what it means for the year ahead. Our premiere threat report draws from one of cybersecurity's largest and most diverse data sets to explore user vulnerability, attacks and privilege through a people-centric lens.

Threat Report
2021 State of the Phish Report

As the global pandemic enters its second year, IT and infosec teams continue to face challenges on all sides. How well prepared are users? The seventh annual State of the Phish report explores the phishing threat and user vulnerability and resilience with an emphasis on analytical, actionable insights.

About The Threat Research Team

Our threat researchers are responsible for tracking shifts in the cybersecurity landscape, identifying new attacks as they emerge, and monitoring how threat actor tactics, techniques and procedures change over time. The threats they detect and the signatures they write feed into our platforms and are keystones in a system that analyzes more than 2.2 billion emails, 35 billion URLs and 200 million attachments every single day.

By studying what cyber criminals are doing now, our threat researchers are better able to anticipate what they’ll do next. Every day, their work keeps our customers protected—not just from today’s attacks, but tomorrow’s threats as they evolve.
