Barracuda researchers have seen a spike in the use of modular malware since the beginning of 2019. A recent analysis of email attacks targeting Barracuda customers identified more than 150,000 unique malicious files in the first five months of the year.
Cybercriminals use email to deliver modular malicious software, also known as modular malware. An ever-increasing trend, modular malware provides an architecture that is more robust, evasive and dangerous than typical document-based or web-based malware. Modular malware includes, and can selectively launch, different payloads and functionality, depending on the target and the goal of the attack.
Most malware is distributed as a document attachment that is sent via spam to widely circulated email lists. These email lists are sold, traded, aggregated, and revised as they move through the dark web. Once an infected document is opened, either the malware is automatically installed, or a heavily obfuscated macro/script is used to download and install it from an external source. Occasionally, a link or other clickable item is used, but that approach is much more common in phishing attacks than in malware attacks.
With the rise of botnets executing commands provided by cybercriminals and malware written for widespread distribution, modularity has become the new norm. Malware authors are increasingly organized and continue to adopt and implement software-industry practices, including quality assurance and testing, to improve the success of attacks. In response to the demand to meet multiple needs with one widely distributed malware file, modular malware has evolved to become more feature-rich and flexible.
The rapidly evolving threat environment requires a multi-layered protection strategy—one that closes the technical and human gaps—for every organization to maximize its email security performance and minimize the risk of falling victim to sophisticated attacks like modular malware.