HP Catches Cybercriminals ‘Cat-Phishing’ Users
16 Mayo 2024 - 2:10AM
HP Inc. (NYSE: HPQ) today issued its quarterly HP Wolf Security
Threat Insights Report, showing attackers are relying on open
redirects, overdue invoice lures, and Living-off-the-Land (LotL)
techniques to sneak past defences. The report provides an analysis
of real-world cyberattacks, helping organizations to keep up with
the latest techniques cybercriminals use to evade detection and
breach PCs in the fast-changing cybercrime landscape.
Based on data from millions of endpoints running HP Wolf
Security, notable campaigns identified by HP threat researchers
include:
- Attackers using open redirects to ‘Cat-Phish’
users: In an advanced WikiLoader campaign, attackers
exploited open redirect vulnerabilities within websites to
circumvent detection. Users were directed to trustworthy sites,
often through open redirect vulnerabilities in ad embeddings. They
were then redirected to malicious sites – making it almost
impossible for users to detect the switch.
- Living-off-the-BITS: Several campaigns abused
the Windows Background Intelligent Transfer Service (BITS) – a
legitimate mechanism used by programmers and system administrators
to download or upload files to web servers and file shares. This
LotL technique helped attackers remain undetected by using BITS to
download the malicious files.
- Fake invoices leading to HTML smuggling
attacks: HP identified threat actors hiding malware inside
HTML files posing as delivery invoices which, once opened in a web
browser, unleash a chain of events deploying open-source malware,
AsyncRAT. Interestingly, the attackers paid little attention to the
design of the lure, suggesting the attack was created with only a
small investment of time and resources.
Patrick Schläpfer, Principal Threat Researcher in the HP Wolf
Security threat research team, comments:
"Targeting companies with invoice lures is one of the oldest
tricks in the book, but it can still be very effective and hence
lucrative. Employees working in finance departments are used to
receiving invoices via email, so they are more likely to open them.
If successful, attackers can quickly monetize their access by
selling it to cybercriminal brokers, or by deploying
ransomware.”
By isolating threats that have evaded detection-based tools –
but still allowing malware to detonate safely – HP Wolf Security
has specific insight into the latest techniques used by
cybercriminals. To date, HP Wolf Security customers have clicked on
over 40 billion email attachments, web pages, and downloaded files
with no reported breaches.
The report details how cybercriminals continue to diversify
attack methods to bypass security policies and detection tools.
Other findings include:
- At least 12% of email threats identified by HP Sure Click*
bypassed one or more email gateway scanners.
- The top threat vectors in Q1 were email attachments (53%),
downloads from browsers (25%) and other infection vectors, such as
removable storage – like USB thumb drives – and file shares
(22%).
- This quarter, at least 65% of document threats relied on an
exploit to execute code, rather than macros.
Dr. Ian Pratt, Global Head of Security for Personal Systems at
HP Inc., comments:
"Living-off-the-Land techniques expose the fundamental flaws of
relying on detection alone. Because attackers are using legitimate
tools, it’s difficult to spot threats without throwing up a lot of
disruptive false positives. Threat containment provides protection
even when detection fails, preventing malware from exfiltrating or
destroying user data or credentials, and preventing attacker
persistence. This is why organizations should take a
defence-in-depth approach to security, isolating and containing
high-risk activities to reduce their attack surface."
HP Wolf Security** runs risky tasks in isolated,
hardware-enforced disposable virtual machines running on the
endpoint to protect users, without impacting their productivity. It
also captures detailed traces of attempted infections. HP’s
application isolation technology mitigates threats that slip past
other security tools and provides unique insights into intrusion
techniques and threat actor behavior.
About the data
This data was gathered from consenting HP Wolf Security
customers from January-March 2024.
About HP
HP Inc. (NYSE: HPQ) is a global technology leader and creator of
solutions that enable people to bring their ideas to life and
connect to the things that matter most. Operating in more than 170
countries, HP delivers a wide range of innovative and sustainable
devices, services and subscriptions for personal computing,
printing, 3D printing, hybrid work, gaming, and more. For more
information, please visit: http://www.hp.com.
About HP Wolf Security
HP Wolf Security is world class endpoint security. HP’s
portfolio of hardware-enforced security and endpoint-focused
security services are designed to help organizations safeguard PCs,
printers, and people from circling cyber predators. HP Wolf
Security provides comprehensive endpoint protection and resiliency
that starts at the hardware level and extends across software and
services. Visit https://hp.com/wolf.
*HP Sure Click Enterprise is sold separately. Supported
attachments include Microsoft Office (Word, Excel, PowerPoint) and
PDF files, when Microsoft Office or Adobe Acrobat are installed.
For full system requirements, please visit HP need hyperlink to HP
Sure Access Enterprise and HP Sure Click Enterprise system
requirements at:
https://enterprisesecurity.hp.com/s/article/System-Requirements-for-HP-Sure-Access-Enterprise
**HP Wolf Security for Business requires Windows 10 or 11 Pro
and higher, includes various HP security features and is available
on HP Pro, Elite, RPOS and Workstation products. See product
details for included security features.
HP Media Relations
Email: MediaRelations@hp.com
HP (NYSE:HPQ)
Gráfica de Acción Histórica
De Oct 2024 a Oct 2024
HP (NYSE:HPQ)
Gráfica de Acción Histórica
De Oct 2023 a Oct 2024