HP issues a threat report quarterly (this month’s came with a video), and this quarter’s report suggests that things are getting worse with regard to attacks and related monetary damage. While this report mostly focuses on attacks on PCs and how HP’s Wolf Security unit is mitigating the related threats, this month, we also had a discussion on Deep Fakes and how they are increasingly being used to scam individuals and companies out of money.
Let’s talk about this threat report this week because things are really getting scary out there.
DarkGate
One of the more creative malware campaigns is called DarkGate. It uses ad services to analyze which lures work best, then uses them in a campaign designed to infect the most people. This is one of the more advanced efforts in that it appears to constantly improve its approach based on infection success. It creatively uses CAPTCHA tools that block anti-virus sandboxes and ensure that people, not machines, are clicking on the contaminated links, which prevents automated discovery. The payload opens a backdoor for cybercriminals, with damage ranging from data theft to ransomware.
Office Exploits
HP reports there has been a sharp shift in attacks from macros, which Microsoft has been working to eliminate, to Office exploits. In Q4, 84% of attempted intrusions, according to HP, involved spreadsheets, while 73% involved Word documents. These were mostly focused on exploiting vulnerabilities in Office applications and continue to show a trend away from traditional Office macro attacks. Macro attacks aren’t done, however, as cheap commodity malware like Agent Tesla and XWorm continue to use the macro attack vector.
PDF Malware
While I’d thought this was in decline, according to this recent HP report, PDF malware is again on the rise, with 11% of the malware HP analyzed in the 4th quarter delivered via PDF. This is up from 4% back in Q1 and Q2 of 2023. One campaign that stood out was WikiLoader, which used a fake parcel delivery PDF to trick users into installing Ursnif malware (which has been evolving).
Discord and TextBin
Discord has been getting a lot of bad press recently, but it’s hardly alone, since a growing number of file-sharing services host malicious files. These sites are effective in distributing malware because most users and companies trust them, which helps attackers avoid anti-malware scanners and reduces the odds that an attacker will be discovered before doing harm.
AI
Cybercriminals are becoming adept at using AI to get into users’ heads and understand how they work, what motivates them to click on links, or what engages them in fake offers. Because so many of us who use cloud services have grown used to legitimate cloud-based error messages, we have become far more vulnerable to fraudulent alerts. AI is helping this effort significantly by creating ever more compelling reasons for users to click on malicious links. With the cost of these AI enhancements being close to zero, we will be increasingly inundated with ever-better attempts to harm us. This creative use of AI is making it ever harder to keep users safe.
Marketing
According to Dr. Ian Pratt (whom I spoke with), “Cybercriminals are applying the same tools a business might use to manage a marketing campaign to optimize their malware campaigns, increasing the likelihood the user will take the bait. To protect against well-resourced threat actors, organizations must follow zero-trust principles, isolating and containing risky activities like opening email attachments, clicking on links, and browser downloads.”
Wrapping Up: It is getting scary out there…
Reports like this one showcase why HP is putting so many resources into Wolf Security as a differentiator so that at least HP buyers and users are safe and can depend on Wolf Security to keep them that way. However, this report showcases that attackers are getting increasingly creative in their approaches. With the use of AI tools coupled with marketing-level skills, our focus on keeping our users safe has never been more critical.
It is truly frightening out there.