
HP Inc has published its quarterly HP Wolf Security Threat Insights report, which explains how hackers chain together different combinations of attacks, like the “bricks” of a building game, to bypass detection tools. Email and browser downloads have been the main threat vectors in recent months, the report said.
Based on data from several million endpoints running HP Wolf Security, the study found:
- Hackers use “building block” attacks. In QakBot campaigns, cybercriminals have connected various tools to create unique infection chains. By modifying various file types and methods, they were able to bypass detection tools and security policies. 32% of QakBot infection chains analyzed by HP between April and June were unique.
- Blogger or keylogger? The authors of the recent Aggah campaign posted malicious code on the popular blogging platform Blogspot. By hiding the code in a legitimate source, they made it much more difficult to detect a potential cyber attack. The hackers then used their knowledge of Windows systems to disable some anti-malware protections on the user’s computer and steal sensitive information.
- Multilingual malware. A recent campaign uses multiple programming languages to avoid detection. First, it encrypts the code using a program written in Go, disabling the malware scanning features that would normally detect it. It then switches to C++ to interact with the target user’s operating system and run the malware in memory, leaving very little trace on the PC.
“Cybercriminals are becoming better organized and better informed. They research and analyze the operating system, which facilitates the exploitation of loopholes. By knowing which buttons to push, they can easily navigate internal systems using relatively simple methods in very efficient ways – without alarm,” says Patrick Schlepfer, Senior Analyst, HP Wolf Security Research Group.
The report details how cybercriminal groups are diversifying their attack methods to circumvent security policies and detection tools. The main conclusions:
- Archives were the most popular file type for malware delivery for the fifth consecutive quarter, used in 44% of cases analyzed by HP.
- In the second quarter (April-June), the number of HTML threats detected by HP Wolf Security increased by 23% compared to the first quarter.
- The share of executable files increased by 4% – from 14% to 18% between the first and second quarters – mainly due to the use of the PDFpower.exe file, which bundled software with browser hijacking malware.
- The main threat vectors in the second quarter were email (79%) and browser downloads (12%).
HP Wolf Security runs risky tasks, such as opening email attachments, downloading files and opening links, in isolated micro-virtual machines (microVMs) without affecting performance.
It also captures detailed traces of infection attempts. HP Application Isolation technology mitigates threats that may go undetected by other tools and provides insight into the new methods hackers are turning to.
Data was collected anonymously using HP Wolf Security tools between April and June 2023.
Source: Hot News

Lori Barajas is an accomplished journalist, known for her insightful and thought-provoking writing on economy. She currently works as a writer at 247 news reel. With a passion for understanding the economy, Lori’s writing delves deep into the financial issues that matter most, providing readers with a unique perspective on current events.