According to the current HP Wolf Security Threat Insights Report,Â EmailÂ HostingÂ henceÂ emailsÂ remainÂ the most common method for delivering malware and other threats, with over 75% of threats being transmitted via email communications.Â
HP security analysts created the study, which covers the first half of 2021, based on customers who choose to share their threat warnings with the firm.
Between H2 2020 and H1 2021, HP researchers discovered a 65 percent increase in the usage of hacking tools acquired from underground forums and filesharing websites. Using computer vision techniques, several of the tools can answer CAPTCHA difficulties.
Manufacturing, transportation, commodity trade, marine, property, and industrial supplies are among the most targeted industries.
The spread of pirated hacking tools and underground forums, according to Ian Pratt, HP’s worldwide head of security, “allows hitherto low-level offenders to pose substantial dangers to business security.”
“Simultaneously, people are falling prey to basic phishing attempts on a regular basis. To maximize corporate protection and resilience, security solutions that equip IT departments to remain ahead of emerging threats are critical “Pratt explained.
According to the study, Dridex affiliates have been selling access to compromised businesses to other threat actors, including ransomware gangs. Dridex is currently the top malware family isolated by HP Wolf Security.
CryptBot malware is currently being used by some criminal gangs to transmit the banking trojan DanaBot, and cybercriminals are increasingly targeting corporate executives.
“HP Wolf Security discovered a multi-stage Visual Basic Script malware campaign aimed at top employees in March 2021. The targets were emailed a malicious ZIP download with their first and last names on it “According to the report,
“Employee names and email addresses were most likely acquired from publicly available information online by the threat actor. An obfuscated VBS downloader was included in the files, which downloads a second VBS script from a remote server to the user’s percent TEMP% folder. The initial stage script was extensively disguised, with just 21% of anti-virus scanners on Virus Total detecting it as malicious.
A rĂ©sumĂ©-themed harmful spam campaign was also discovered, which targeted shipping, marine, logistics, and associated organizations in Italy, Japan, Chile, the United Kingdom, Pakistan, the United States, and the Philippines. According to HP, these assaults take use of a Microsoft Office vulnerability to install the Remcos RAT and acquire backdoor access to affected machines.
“Threat actors continue to target outdated vulnerabilities in Microsoft Office,” HP’s researchers said, “underscoring the necessity for companies to patch out-of-date Office versions in their settings.”
“In H1 2021, we noticed a 24% rise in CVE-2017-11882 attacks compared to H2 2020. In contrast to H2 2020, there was no substantial change in the vulnerabilities exploited by attackers throughout the reporting period.”
The cybercrime ecosystem is evolving and changing, according to Alex Holland, a senior malware analyst at HP, with increasing chances for petty cybercriminals to “link with bigger actors inside organized crime and acquire powerful tools that may circumvent defenses and infiltrate systems.”
“By just changing their tactics, cybercriminals are easily evading detection systems. We’ve seen an increase in malware delivered using unusual file formats including JAR files, which are presumably intended to avoid detection by anti-malware scanners “Holland said.
“Victims are falling for the same old phishing techniques, with transaction-themed baits enticing users to click on infected files, links, and web pages.”
There is no such thing as a modest breach, according to Pratt, since cybercrime grows more structured and smaller actors may quickly get effective tools and monetize assaults by selling on access. Cybercriminals continue to pay close attention to endpoints, he said.
“Their tactics are becoming more advanced, so having a complete and robust endpoint architecture and cyber protection is more critical than ever,” Pratt added. “This involves defending against current attackers with capabilities like threat containment, reducing the attack surface by removing threats from the most popular attack channels â€” email, browsers, and downloads.”Â