HP’s Wolf Security Report: Attackers Are Getting Very Innovative

Image from Pixabay

HP is unique in the market in that it has taken its security function, branded it, and effectively created a focused company called HP Wolf Security. HP Wolf Security issues a regular report about the technologies hackers are using to penetrate firms like Boeing. Lately, the attacks have become particularly impressive.

Let us talk about some of the exploits that HP Wolf Security has identified while I seriously consider carving out a permanent space under my bed to hide from some of these things.

Examples

Houdini’s Last Act: This is a brand-new effort based on fake shipping documents that contain JavaScript malware. This worm is designed to slip past your email defenses to contaminate your device and other endpoints. The worm delivers a payload of Houdini, a 10-year-old VBScript RAT. This is a creative way to abuse the scripting behavior of most operating systems.

Jekyll and Hyde: Consistent with this time of year (Halloween), this is a Parallax RAT campaign that launches two threads when a user opens an infected scanned invoice that was sent with the express purpose of tricking them. (I am personally scared to click on anything from anyone in email). The Jekyll thread opens a decoy invoice from a legitimate online template, making the document seem safe, while the Hyde thread runs the malware in the background. This impressive kit is sold as a service for $65 a month, so you, too, can be a successful hacker. Seriously, this is impressive in a scary way.

Theft Revenge: This in and of itself is fascinating. Apparently, some of the folks getting these attack programs are not paying for them, so cybercriminals have set up malware-building kits on services like GitHub. These building programs are themselves infected with malware to punish criminals who do not pay for the tools they need to commit their crimes. Some of these tools cost upwards of $500, and since cybercriminals cannot exactly go to the police, they are using their tools to punish those who steal from them and highlighting what may be a good path for tech companies and law enforcement agencies to catch and punish folks looking to use these tools.

Other Activities

For six quarters running, archives have been the most popular malware delivery type. Even though Excel macros are disabled by default, they are the seventh most common file extension type abused by attackers. This is up sharply from 46th place last quarter. Twelve percent of email threats caught by HP were missed by email gateway scanners. Both Excel and Word attacks increased significantly (up to 91% for Excel, for instance). PDF threats continue to increase, up 5% quarter-over-quarter, and the top threats in general came from email at 80% and browsers at 11%.

HP’s Responses

HP has been going after these threats aggressively and, unlike many, began to move to mitigate attacks before they are successful. Before that strategy was employed, one of the biggest security mistakes to date has been by security companies that don’t act on a problem until the attacker is successful, which has allowed unlimited attempts to first define and map the defenses to overcome them. HP Wolf Security has not only dropped a number of market-leading defenses into HP’s products, but it is now one of, if not the most aggressive, at stopping an attack in progress instead of waiting until it is successful.

Wrapping Up

It is increasingly dangerous out there, as HP Wolf Security’s latest report highlights. Companies supplying the tools to attackers are becoming far more capable, and they may have highlighted a way to deal with the problem with their own attacks on criminals who have not paid them for the tools. Whether you use HP Wolf Security or not, it makes sense to prioritize security providers that not only could stop breaches like this but can move against attackers as soon as their attempt begins rather than waiting for the eventual breach. The goal is not to catch the criminal but to stop the breach from ever occurring largely because these criminals mostly reside in foreign countries that have no problem with their business model.

The world is increasingly unsafe, but with the right partner and effective tools, you can make it far safer.

Latest posts by Rob Enderle (see all)
Rob Enderle: As President and Principal Analyst of the Enderle Group, Rob provides regional and global companies with guidance in how to create credible dialogue with the market, target customer needs, create new business opportunities, anticipate technology changes, select vendors and products, and practice zero dollar marketing. For over 20 years Rob has worked for and with companies like Microsoft, HP, IBM, Dell, Toshiba, Gateway, Sony, USAA, Texas Instruments, AMD, Intel, Credit Suisse First Boston, ROLM, and Siemens.
Related Post