fbpx
Techitup Middle East
B2B TechnologyCybersecurity

HP Wolf Security Catches Cybercriminals ‘Cat-Phishing’ Users  

HP Inc. issued its quarterly HP Wolf Security Threat Insights Report, showing attackers are relying on open redirects, overdue invoice lures, and Living-off-the-Land (LotL) techniques to sneak past defences. The report provides an analysis of real-world cyberattacks, helping organizations to keep up with the latest techniques cybercriminals use to evade detection and breach PCs in the fast-changing cybercrime landscape. 

Based on data from millions of endpoints running HP Wolf Security, notable campaigns identified by HP threat researchers include: 

  • Attackers using open redirects to ‘Cat-Phish’ users: In an advanced WikiLoader campaign, attackers exploited open redirect vulnerabilities within websites to circumvent detection. Users were directed to trustworthy sites, often through open redirect vulnerabilities in ad embeddings. They were then redirected to malicious sites – making it almost impossible for users to detect the switch.  
  • Living-off-the-BITS: Several campaigns abused the Windows Background Intelligent Transfer Service (BITS) – a legitimate mechanism used by programmers and system administrators to download or upload files to web servers and file shares. This LotL technique helped attackers remain undetected by using BITS to download the malicious files.  
  • Fake invoices leading to HTML smuggling attacks: HP identified threat actors hiding malware inside HTML files posing as delivery invoices which, once opened in a web browser, unleash a chain of events deploying open-source malware, AsyncRAT. Interestingly, the attackers paid little attention to the design of the lure, suggesting the attack was created with only a small investment of time and resources.  

By isolating threats that have evaded detection-based tools – but still allowing malware to detonate safely – HP Wolf Security has specific insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 40 billion email attachments, web pages, and downloaded files with no reported breaches.  

The report details how cybercriminals continue to diversify attack methods to bypass security policies and detection tools. Other findings include: 

  • At least 12% of email threats identified by HP Sure Click bypassed one or more email gateway scanners. 
  • The top threat vectors in Q1 were email attachments (53%), downloads from browsers (25%) and other infection vectors, such as removable storage – like USB thumb drives – and file shares (22%). 
  • This quarter, at least 65% of document threats relied on an exploit to execute code, rather than macros. 

HP Wolf Security runs risky tasks in isolated, hardware-enforced disposable virtual machines running on the endpoint to protect users, without impacting their productivity. It also captures detailed traces of attempted infections. HP’s application isolation technology mitigates threats that slip past other security tools and provides unique insights into intrusion techniques and threat actor behavior.  

Related posts

SentinelOne, Intezer to Ease Reverse Engineering of Rust Malware 

Editor

e& UAE and Huawei to Conduct MENA’s First 800GE Router Solution Trial  

Editor

Dynatrace: Complexity of Technology Stacks Continues to Rise as Multicloud Adoption Accelerates  

Editor

Leave a Comment