HP is unique in the market in that it has taken its security function, branded it, and effectively created a focused company called HP Wolf Security. HP Wolf Security issues a regular report about the technologies hackers are using to penetrate firms like Boeing. Lately, the attacks have become particularly impressive.
Let us talk about some of the exploits that HP Wolf Security has identified while I seriously consider carving out a permanent space under my bed to hide from some of these things.
Jekyll and Hyde: Consistent with this time of year (Halloween), this is a Parallax RAT campaign that launches two threads when a user opens an infected scanned invoice that was sent with the express purpose of tricking them. (I am personally scared to click on anything from anyone in email). The Jekyll thread opens a decoy invoice from a legitimate online template, making the document seem safe, while the Hyde thread runs the malware in the background. This impressive kit is sold as a service for $65 a month, so you, too, can be a successful hacker. Seriously, this is impressive in a scary way.
Theft Revenge: This in and of itself is fascinating. Apparently, some of the folks getting these attack programs are not paying for them, so cybercriminals have set up malware-building kits on services like GitHub. These building programs are themselves infected with malware to punish criminals who do not pay for the tools they need to commit their crimes. Some of these tools cost upwards of $500, and since cybercriminals cannot exactly go to the police, they are using their tools to punish those who steal from them and highlighting what may be a good path for tech companies and law enforcement agencies to catch and punish folks looking to use these tools.
For six quarters running, archives have been the most popular malware delivery type. Even though Excel macros are disabled by default, they are the seventh most common file extension type abused by attackers. This is up sharply from 46th place last quarter. Twelve percent of email threats caught by HP were missed by email gateway scanners. Both Excel and Word attacks increased significantly (up to 91% for Excel, for instance). PDF threats continue to increase, up 5% quarter-over-quarter, and the top threats in general came from email at 80% and browsers at 11%.
HP has been going after these threats aggressively and, unlike many, began to move to mitigate attacks before they are successful. Before that strategy was employed, one of the biggest security mistakes to date has been by security companies that don’t act on a problem until the attacker is successful, which has allowed unlimited attempts to first define and map the defenses to overcome them. HP Wolf Security has not only dropped a number of market-leading defenses into HP’s products, but it is now one of, if not the most aggressive, at stopping an attack in progress instead of waiting until it is successful.
It is increasingly dangerous out there, as HP Wolf Security’s latest report highlights. Companies supplying the tools to attackers are becoming far more capable, and they may have highlighted a way to deal with the problem with their own attacks on criminals who have not paid them for the tools. Whether you use HP Wolf Security or not, it makes sense to prioritize security providers that not only could stop breaches like this but can move against attackers as soon as their attempt begins rather than waiting for the eventual breach. The goal is not to catch the criminal but to stop the breach from ever occurring largely because these criminals mostly reside in foreign countries that have no problem with their business model.
The world is increasingly unsafe, but with the right partner and effective tools, you can make it far safer.
- BlockCerts: Building Blockchain Solutions that Work - December 1, 2023
- IBM Power and the Importance of Measurable Results - November 24, 2023
- Windows 10/11 with Copilot: Anticipating Windows 12 - November 17, 2023