HP’s Threat Report – New Threats, Bigger Problems

HP issues a threat report quarterly (this month’s came with a video), and this quarter’s report suggests that things are getting worse with regard to attacks and related monetary damage. While this report mostly focuses on attacks on PCs and how HP’s Wolf Security unit is mitigating the related threats, this month, we also had a discussion on Deep Fakes and how they are increasingly being used to scam individuals and companies out of money.

Let’s talk about this threat report this week because things are really getting scary out there.

DarkGate

One of the more creative malware campaigns is called DarkGate. It uses ad services to analyze which lures work the best, then uses them in a campaign designed to infect the most people. This is one of the more advanced efforts in that it appears to constantly improve its approach based on infection success. It creatively uses CAPTCHA tools that block anti-virus sandboxes and assures that people, not machines, are clicking on the contaminated links, which prevents automated discovery. The payload opens a backdoor to cybercriminals with damage ranging from data theft to ransomware.

Office Exploits

HP reports there has been a sharp shift in attacks from Macro, which Microsoft has been working to eliminate, to Office exploits. In Q4, 84% of attempted intrusions, according to HP, involved spreadsheets, while 73% involved Word documents. These were mostly focused on exploiting vulnerabilities in Office applications and continuing to show a trend away from the traditional Office macro attacks. Macro attacks aren’t done, however, as cheap commodity malware like Agent Tesla and XWorm continue to utilize the Macro attack vector.

PDF Malware

While I’d thought this was in decline, according to this recent HP report, PDF malware is again on the rise, with 11% of the malware analyzed by HP in the 4th quarter using PDFs to deliver it. This is up from 4% back in Q1 and Q2 of 2023. One campaign that stood out was WikiLoader, which used a fake parcel delivery PDF to trick users into installing Ursnif malware (which has been evolving).

Discord and TextBin

Discord has been getting a lot of bad press recently, but it’s hardly alone since increased file-sharing services host malicious files. These sites are effective in distributing malware because most users and companies trust them, which helps attackers avoid anti-malware scanners and reduces the odds that an attacker will be discovered before doing harm.

AI

Cybercriminals are becoming adept at using AI to get into users’ heads and understand how they work, what motivates them to click on links, or what engages them on fake offers. Given how many of us using cloud services have become used to cloud-based error messages that are legitimate, we have become far more vulnerable to alerts that are frauds. AI is helping this effort significantly by creating ever more compelling reasons for users to click on malicious links. With the cost of these AI enhancements being close to zero, we will be increasingly inundated with ever-better attempts to harm us. This creative AI use is making it ever harder to keep users safe.

Marketing

According to Dr. Ian Pratt (whom I spoke with), “Cybercriminals are applying the same tools a business might use to manage a marketing campaign to optimize their malware campaigns, increasing the likelihood the user will take the bait. To protect against well-resourced threat actors, organizations must follow zero-trust principles, isolating and containing risky activities like opening email attachments, clicking on links, and browser downloads.”

Wrapping Up: It is getting scary out there…

Reports like this one showcase why HP is putting so many resources into Wolf Security as a differentiator so that at least HP buyers and users are safe and can depend on Wolf Security to keep them that way. However, this report showcases that attackers are getting increasingly creative in their approaches. With the use of AI tools coupled with marketing-level skills, our focus on keeping our users safe has never been more critical.

It is truly frightening out there.

• About
• Latest Posts

Rob Enderle

President and Principal Analyst at Enderle Group

As President and Principal Analyst of the Enderle Group, Rob provides regional and global companies with guidance in how to create credible dialogue with the market, target customer needs, create new business opportunities, anticipate technology changes, select vendors and products, and practice zero dollar marketing. For over 20 years Rob has worked for and with companies like Microsoft, HP, IBM, Dell, Toshiba, Gateway, Sony, USAA, Texas Instruments, AMD, Intel, Credit Suisse First Boston, ROLM, and Siemens.

Latest posts by Rob Enderle (see all)

• Why Intel’s FAB and Foundry Expansion May Save the Company - April 19, 2024
• Intel Vision: How the AI Wave Could End the Wintel Age - April 12, 2024
• With AI, Communication Skills Become Vastly More Important - April 5, 2024