The researchers noted hacking tools in wide circulation were surprisingly capable. For example, one tool can solve CAPTCHA challenges using computer vision techniques, namely optical character recognition (OCR), in order to perform credential stuffing attacks against websites. More broadly, the report found that cybercrime is more organized than ever, with underground forums providing a perfect platform for threat actors to collaborate and share attack tactics, techniques and procedures.
“The proliferation of pirated hacking tools and underground forums are allowing previously low-level actors to pose serious risks to enterprise security,” says Dr.
Notable threats isolated by
- Cybercriminal collaboration is opening the door to bigger attacks against victims: Dridex affiliates are selling access to breached organizations to other threat actors, so they can distribute ransomware. The drop in Emotet activity in Q1 2021 has led to Dridex becoming the top malware family isolated by HP Wolf Security.
- Information stealers delivering nastier malware: CryptBot malware – historically used as an infostealer to siphon off credentials from cryptocurrency wallets and web browsers – is also being used to deliver DanaBot – a banking trojan operated by organized crime groups.
- VBS downloader campaign targeting business executives: A multi-stage Visual Basic Script (VBS) campaign is sharing malicious ZIP attachments named after the executive it’s targeting. It deploys a stealthy VBS downloader before using legitimate SysAdmin tools to “live off the land”, persisting on devices and delivering malware.
- From application to infiltration: A résumé-themed malicious spam campaign targeted shipping, maritime, logistics and related companies in seven countries (Chile, Japan, UK, Pakistan, US, Italy and the Philippines), exploiting a Microsoft Office vulnerability to deploy the commercially-available Remcos RAT and gain backdoor access to infected computers.
The findings are based on data from
“The cybercrime ecosystem continues to develop and transform, with more opportunities for petty cybercriminals to connect with bigger players within organized crime, and download advanced tools that can bypass defenses and breach systems,” observes
Other key findings in the report include:
- 75% of malware detected was delivered via email, while web downloads were responsible for the remaining 25%. Threats downloaded using web browsers rose by 24%, partially driven by users downloading hacking tools and cryptocurrency mining software.
- The most common email phishing lures were invoices and business transactions (49%), while 15% were replies to intercepted email threads. Phishing lures mentioning COVID-19 made up less than 1%, dropping by 77% from H2 2020 to H1 2021.
- The most common type of malicious attachments were archive files (29%), spreadsheets (23%), documents (19%), and executable files (19%). Unusual archive file types – such as JAR (Java Archive files) – are being used to avoid detection and scanning tools, and install malware that’s easily obtained in underground marketplaces.
- The report found 34% of malware captured was previously unknown[1], a 4% drop from H2 2020.
- A 24% increase in malware that exploits CVE-2017-11882, a memory corruption vulnerability commonly used to exploit Microsoft Office or Microsoft WordPad and carry out fileless attacks.
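The archive-evasion finding above (JAR attachments slipping past scanners that key on file extensions) can be countered by classifying attachments by content. The following is an added defender-side example, not code from the report or from HP: it inspects the bytes of an attachment, recognises a JAR as a ZIP that carries a manifest or class files, and flags both the uncommon archive type and any mismatch between content and claimed extension. The sample attachment is constructed inline, and the category names and extension table are this example's own assumptions.

```python
import io
import os
import zipfile

# Extensions we expect for each content-based category (assumed policy table).
EXPECTED_EXT = {"jar": {".jar"}, "spreadsheet": {".xlsx", ".xlsm"},
                "document": {".docx", ".docm"}, "archive": {".zip"},
                "executable": {".exe", ".dll"}}

def identify(data: bytes) -> str:
    """Classify an attachment by its bytes, never by its filename."""
    if data.startswith(b"MZ"):
        return "executable"
    if not data.startswith(b"PK\x03\x04"):
        return "unknown"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "unknown"
    if "META-INF/MANIFEST.MF" in names or any(n.endswith(".class") for n in names):
        return "jar"          # a JAR is a ZIP carrying a manifest and/or class files
    if any(n.startswith("xl/") for n in names):
        return "spreadsheet"  # OOXML workbook
    if any(n.startswith("word/") for n in names):
        return "document"     # OOXML document
    return "archive"

def triage(filename: str, data: bytes) -> dict:
    """Pair the content type with the claimed extension and raise flags."""
    kind = identify(data)
    ext = os.path.splitext(filename)[1].lower()
    flags = []
    if kind == "jar":
        flags.append("uncommon-archive")    # rare in legitimate mail, per the report
    if kind in EXPECTED_EXT and ext not in EXPECTED_EXT[kind]:
        flags.append("extension-mismatch")  # content disagrees with the name
    return {"file": filename, "kind": kind, "flags": flags}

def build_jar() -> bytes:
    """Constructed sample: a minimal JAR (manifest plus a class-file stub)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Invoice\n")
        zf.writestr("Invoice.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)
    return buf.getvalue()
```

Running `triage("Invoice_2021.zip", build_jar())` shows the point of the check: the file claims to be a plain ZIP but is classified as a JAR and flagged twice.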
“Cybercriminals are bypassing detection tools with ease by simply tweaking their techniques. We saw a surge in malware distributed via uncommon file types like JAR files – likely used to reduce the chances of being detected by anti-malware scanners,” comments Holland. “The same old phishing tricks are reeling in victims, with transaction-themed lures convincing users to click on malicious attachments, links and web pages.”
“As cybercrime becomes more organized, and smaller players can easily obtain effective tools and monetize attacks by selling on access, there’s no such thing as a minor breach,” concludes Pratt. “The endpoint continues to be a huge focus for cybercriminals. Their techniques are getting more sophisticated, so it’s more important than ever to have comprehensive and resilient endpoint infrastructure and cyber defense. This means utilizing features like threat containment to defend against modern attackers, minimizing the attack surface by eliminating threats from the most common attack vectors – email, browsers, and downloads.”
About the data
This data was gathered within
About
About
From the maker of the world’s most secure PCs[2] and Printers[3],
MediaRelations@hp.com
©Copyright 2021
- Based on first-seen in the wild data from multiple antivirus engines.
- Based on HP’s unique and comprehensive security capabilities at no additional cost among vendors on HP Elite PCs with Windows and 8th Gen and higher Intel® processors or AMD Ryzen™ 4000 processors and higher; HP ProDesk 600 G6 with Intel® 10th Gen and higher processors; and HP ProBook 600 with AMD Ryzen™ 4000 or Intel® 11th Gen processors and higher.
- HP’s most advanced embedded security features are available on HP Enterprise and HP Managed devices with HP FutureSmart firmware 4.5 or above. Claim based on HP review of 2021 published features of competitive in-class printers. Only HP offers a combination of security features to automatically detect, stop, and recover from attacks with a self-healing reboot, in alignment with NIST SP 800-193 guidelines for device cyber resiliency. For a list of compatible products, visit: hp.com/go/PrintersThatProtect. For more information, visit: hp.com/go/PrinterSecurityClaims. HP Security is now HP Wolf Security. Security features vary by platform; please see the product data sheet for details.
Source:
2021 GlobeNewswire, Inc., source