Latest HP Inc. Cybersecurity Threat Report Reveals Hackers Sharing Computer Vision Tools to Supercharge Capabilities
July 27 2021 - 9:00AM
HP Inc. (NYSE: HPQ) today released its latest global Threat
Insights Report, providing analysis of real-world cybersecurity
attacks and vulnerabilities. The research shows a significant
increase in the frequency and sophistication of cybercrime
activity, including a 65% rise in the use of hacking tools
downloaded from underground forums and filesharing websites from H2
2020 to H1 2021.
The researchers noted hacking tools in wide circulation were
surprisingly capable. For example, one tool can solve CAPTCHA
challenges using computer vision techniques, namely optical
character recognition (OCR), in order to perform credential
stuffing attacks against websites. More broadly, the report found
that cybercrime is more organized than ever, with underground
forums providing a perfect platform for threat actors to
collaborate and share attack tactics, techniques and
procedures.
“The proliferation of pirated hacking tools and underground
forums is allowing previously low-level actors to pose serious
risks to enterprise security,” says Dr. Ian Pratt, Global Head of
Security, Personal Systems, HP Inc. “Simultaneously, users continue
to fall prey to simple phishing attacks time and time again.
Security solutions that arm IT departments to stay ahead of future
threats are key to maximizing business protection and
resilience.”
Notable threats isolated by HP Wolf Security included:
- Cybercriminal collaboration is
opening the door to bigger attacks against victims: Dridex
affiliates are selling access to breached organizations to other
threat actors, so they can distribute ransomware. The drop in
Emotet activity in Q1 2021 has led to Dridex becoming the top
malware family isolated by HP Wolf Security.
- Information stealers delivering
nastier malware: CryptBot malware – historically used as
an infostealer to siphon off credentials from cryptocurrency
wallets and web browsers – is also being used to deliver DanaBot –
a banking trojan operated by organized crime groups.
- VBS downloader campaign
targeting business executives: A multi-stage Visual Basic
Script (VBS) campaign is sharing malicious ZIP attachments named
after the executive it’s targeting. It deploys a stealthy VBS
downloader before using legitimate SysAdmin tools to “live off the
land”, persisting on devices and delivering malware.
- From application to
infiltration: A résumé-themed malicious spam campaign
targeted shipping, maritime, logistics and related companies in
seven countries (Chile, Japan, UK, Pakistan, US, Italy and the
Philippines), exploiting a Microsoft Office vulnerability to deploy
the commercially available Remcos RAT and gain backdoor access to
infected computers.
The findings are based on data from HP Wolf Security, which
tracks malware within isolated, micro-virtual machines to
understand and capture a full infection chain and help to mitigate
threats. By better understanding the behavior of malware in the
wild, HP Wolf Security researchers and engineers are able to
bolster endpoint security protections and overall system
resilience.
“The cybercrime ecosystem continues to develop and transform,
with more opportunities for petty cybercriminals to connect with
bigger players within organized crime, and download advanced tools
that can bypass defenses and breach systems,” observes Alex
Holland, Senior Malware Analyst, HP Inc. “We’re seeing hackers
adapt their techniques to drive greater monetization, selling
access on to organized criminal groups so they can launch more
sophisticated attacks against organizations. Malware strains like
CryptBot previously would have been a danger to users who use their
PCs to store cryptocurrency wallets, but now they also pose a
threat to businesses. We see infostealers distributing malware
operated by organized criminal groups – who tend to favor
ransomware to monetize their access.”
Other key findings in the report include:
- 75% of malware detected was delivered via email, while web
downloads were responsible for the remaining 25%. Threats
downloaded using web browsers rose by 24%, partially driven by
users downloading hacking tools and cryptocurrency mining
software.
- The most common
email phishing lures were invoices and business transactions (49%),
while 15% were replies to intercepted email threads. Phishing lures
mentioning COVID-19 made up less than 1%, dropping by 77% from H2
2020 to H1 2021.
- The most common types of malicious attachment were archive
files (29%), spreadsheets (23%), documents (19%), and executable
files (19%). Unusual archive file types – such as JAR (Java Archive
files) – are being used to avoid detection and scanning tools, and
install malware that’s easily obtained in underground
marketplaces.
- The report found 34% of malware captured was previously
unknown[1], a 4% drop from H2 2020.
- A 24% increase in malware that exploits CVE-2017-11882, a
memory corruption vulnerability commonly used to exploit Microsoft
Office or Microsoft WordPad and carry out fileless attacks.
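The attachment finding above (uncommon archive types such as JAR slipping past scanners) suggests one concrete mail-gateway check: classify attachments by their content rather than their filename extension. The code below is an added example, not code from HP or the report; the sample attachments are harmless byte strings constructed in memory, and the category names are chosen here to mirror the report's attachment categories.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container header

def _zip_with(names):
    """Build a small in-memory ZIP containing the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()

# Constructed sample attachments (harmless bytes, built here for the demo).
SAMPLES = {
    "invoice.jar": _zip_with(["META-INF/MANIFEST.MF", "Loader.class"]),
    "invoice.zip": _zip_with(["META-INF/MANIFEST.MF", "Loader.class"]),  # JAR carrying a .zip name
    "report.xlsx": _zip_with(["[Content_Types].xml", "xl/workbook.xml"]),
    "notes.doc": OLE_MAGIC + b"\x00" * 8,
    "setup.exe": b"MZ" + b"\x00" * 62,
}

def classify(data: bytes) -> str:
    """Classify an attachment by its content, ignoring the filename entirely."""
    if data[:2] == b"MZ":
        return "executable"
    if data[:8] == OLE_MAGIC:
        return "ole-document"
    if data[:2] == b"PK":                      # ZIP-based containers: zip, jar, docx/xlsx
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "corrupt-zip"               # truncated or malformed; treat as suspicious
        if "META-INF/MANIFEST.MF" in names or any(n.endswith(".class") for n in names):
            return "jar"
        if "[Content_Types].xml" in names:
            return "ooxml-document"
        return "zip-archive"
    return "unknown"

UNCOMMON_ARCHIVES = {"jar"}   # extend with other container types your users rarely send

def triage(filename: str, data: bytes) -> dict:
    """Return the content-based type plus flags a mail gateway could act on."""
    kind = classify(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    flags = []
    if kind in UNCOMMON_ARCHIVES:
        flags.append("uncommon-archive")
    if kind == "jar" and ext != "jar":
        flags.append("extension-mismatch")     # container type disagrees with the name
    if kind == "executable":
        flags.append("executable-attachment")
    return {"type": kind, "flags": flags}
```

Run `triage(name, blob)` over each entry in `SAMPLES` to see that the renamed JAR is flagged twice while the spreadsheet passes clean.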
“Cybercriminals are bypassing detection tools with ease by
simply tweaking their techniques. We saw a surge in malware
distributed via uncommon file types like JAR files – likely used to
reduce the chances of being detected by anti-malware scanners,”
comments Holland. “The same old phishing tricks are reeling in
victims, with transaction-themed lures convincing users to click on
malicious attachments, links and web pages.”
“As cybercrime becomes more organized, and smaller players can
easily obtain effective tools and monetize attacks by selling on
access, there’s no such thing as a minor breach,” concludes Pratt.
“The endpoint continues to be a huge focus for cybercriminals.
Their techniques are getting more sophisticated, so it’s more
important than ever to have comprehensive and resilient endpoint
infrastructure and cyber defense. This means utilizing features
like threat containment to defend against modern attackers,
minimizing the attack surface by eliminating threats from the most
common attack vectors – email, browsers, and downloads.”
About the data
This data was gathered within HP Wolf Security customer virtual
machines from January - June 2021.
About HP
HP Inc. creates
technology that makes life better for everyone, everywhere. Through
our product and service portfolio of personal systems, printers and
3D printing solutions, we engineer experiences that amaze. More
information about HP Inc. is available at http://www.hp.com.
About HP Wolf Security
From the maker of the
world’s most secure PCs[2] and Printers[3], HP Wolf Security is a new
breed of endpoint security. HP’s portfolio of hardware-enforced
security and endpoint-focused security services are designed to
help organizations safeguard PCs, printers and people from circling
cyber predators. HP Wolf Security provides comprehensive endpoint
protection and resiliency that starts at the hardware level and
extends across software and services.[4]
HP Inc. Media Relations
MediaRelations@hp.com
©Copyright 2021 HP Development Company, L.P. The
information contained herein is subject to change without notice.
The only warranties for HP products and services are set forth in
the express warranty statements accompanying such products and
services. Nothing herein should be construed as constituting an
additional warranty. HP shall not be liable for technical or
editorial errors or omissions contained herein.
1. Based on first-seen in the wild data from multiple antivirus
engines.
2. Based on HP’s unique and comprehensive security capabilities at
no additional cost among vendors on HP Elite PCs with Windows and
8th Gen and higher Intel® processors or AMD Ryzen™ 4000 processors
and higher; HP ProDesk 600 G6 with Intel® 10th Gen and higher
processors; and HP ProBook 600 with AMD Ryzen™ 4000 or Intel® 11th
Gen processors and higher.
3. HP’s most advanced embedded security features are available on
HP Enterprise and HP Managed devices with HP FutureSmart firmware
4.5 or above. Claim based on HP review of 2021 published features
of competitive in-class printers. Only HP offers a combination of
security features to automatically detect, stop, and recover from
attacks with a self-healing reboot, in alignment with NIST SP
800-193 guidelines for device cyber resiliency. For a list of
compatible products, visit: hp.com/go/PrintersThatProtect. For more
information, visit: hp.com/go/PrinterSecurityClaims.
4. HP Security is now HP Wolf Security. Security features
vary by platform; please see the product data sheet for details.