The Recycler
  • Katun Masthead Nov 2024
  • Ambiente 2025 Masthead
  • Biuromax Masthead web banner March 2024
  • G&G Masthead August 2024

Cybersecurity threat report reveals hackers sharing computer vision tools

July 29, 2021

The HP Wolf Security threat research team found increasing cybercrime sophistication and a boom in monetisation and hacking tools, while end users are still vulnerable to old tricks.

HP Inc. released its latest global Threat Insights Report, providing analysis of real-world cybersecurity attacks and vulnerabilities. The research shows a significant increase in the frequency and sophistication of cybercrime activity, including a 65% rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021.

The researchers noted hacking tools in wide circulation were surprisingly capable. For example, one tool can solve CAPTCHA challenges using computer vision techniques, namely optical character recognition (OCR), in order to perform credential stuffing attacks against websites. More broadly, the report found that cybercrime is more organised than ever, with underground forums providing a perfect platform for threat actors to collaborate and share attack tactics, techniques and procedures.

“The proliferation of pirated hacking tools and underground forums are allowing previously low-level actors to pose serious risks to enterprise security,” said Dr. Ian Pratt, Global Head of Security, Personal Systems, HP Inc. “Simultaneously, users continue to fall prey to simple phishing attacks time and time again. Security solutions that arm IT departments to stay ahead of future threats are key to maximising business protection and resilience.”

Notable threats isolated by HP Wolf Security included:

  • Cybercriminal collaboration is opening the door to bigger attacks against victims: Dridex affiliates are selling access to breached organisations to other threat actors, so they can distribute ransomware. The drop in Emotet activity in Q1 2021 has led to Dridex becoming the top malware family isolated by HP Wolf Security.
  • Information stealers delivering nastier malware: CryptBot malware – historically used as an infostealer to siphon off credentials from cryptocurrency wallets and web browsers – is also being used to deliver DanaBot – a banking trojan operated by organised crime groups.
  • VBS downloader campaign targeting business executives: A multi-stage Visual Basic Script (VBS) campaign is sharing malicious ZIP attachments named after the executive it’s targeting. It deploys a stealthy VBS downloader before using legitimate SysAdmin tools to “live off the land”, persisting on devices and delivering malware.
  • From application to infiltration: A résumé-themed malicious spam campaign targeted shipping, maritime, logistics and related companies in seven countries (Chile, Japan, UK, Pakistan, US, Italy and the Philippines), exploiting a Microsoft Office vulnerability to deploy the commercially-available Remcos RAT and gain backdoor access to infected computers.

The findings are based on data from HP Wolf Security, which tracks malware within isolated, micro-virtual machines to understand and capture a full infection chain and help to mitigate threats. By better understanding the behaviour of malware in the wild, HP Wolf Security researchers and engineers are able to bolster endpoint security protections and overall system resilience.

“The cybercrime ecosystem continues to develop and transform, with more opportunities for petty cybercriminals to connect with bigger players within organised crime, and download advanced tools that can bypass defences and breach systems,” observed Alex Holland, Senior Malware Analyst, HP Inc. “We’re seeing hackers adapt their techniques to drive greater monetization, selling access on to organised criminal groups so they can launch more sophisticated attacks against organizations. Malware strains like CryptBot previously would have been a danger to users who use their PCs to store cryptocurrency wallets, but now they also pose a threat to businesses. We see infostealers distributing malware operated by organised criminal groups – who tend to favour ransomware to monetise their access.”

Further key findings in the report include:

  • 75% of malware detected was delivered via email, while web downloads were responsible for the remaining 25%. Threats downloaded using web browsers rose by 24%, partially driven by users downloading hacking tools and cryptocurrency mining software.
  • The most common email phishing lures were invoices and business transactions (49%), while 15% were replies to intercepted email threads. Phishing lures mentioning COVID-19 made up less than 1%, dropping by 77% from H2 2020 to H1 2021.
  • The most common type of malicious attachments were archive files (29%), spreadsheets (23%), documents (19%), and executable files (19%). Unusual archive file types – such as JAR (Java Archive files) – are being used to avoid detection and scanning tools, and install malware that’s easily obtained in underground marketplaces.
  • The report found 34% of malware captured was previously unknown1, a 4% drop from H2 2020
  • A 24% increase in malware that exploits CVE-2017-11882, a memory corruption vulnerability commonly used to exploit Microsoft Office or Microsoft WordPad and carry out fileless attacks.

“Cybercriminals are bypassing detection tools with ease by simply tweaking their techniques. We saw a surge in malware distributed via uncommon file types like JAR files – likely used to reduce the chances of being detected by anti-malware scanners,” commented Holland. “The same old phishing tricks are reeling in victims, with transaction-themed lures convincing users to click on malicious attachments, links and web pages.”

“As cybercrime becomes more organized, and smaller players can easily obtain effective tools and monetise attacks by selling on access, there’s no such thing as a minor breach,” concluded Pratt. “The endpoint continues to be a huge focus for cybercriminals. Their techniques are getting more sophisticated, so it’s more important than ever to have comprehensive and resilient endpoint infrastructure and cyber defence. This means utilising features like threat containment to defend against modern attackers, minimising the attack surface by eliminating threats from the most common attack vectors – email, browsers, and downloads.”

Categories : Around the Industry

Tags : Cybersecurity HP Inc Ransomware Threats Wolf Security

  • Apex Web ad Nov 2024
  • Cartridge Web Nov Web Banner
  • IR Italiana Web ad January 2021
  • G&G web advert October 2024
  • TN Core Nov Web advert
  • Biuromax web banner July 2024
  • Static Control June 2022 Big & Bold Ad
  • GM Technology Nov Web Ad
  • Ink Tank No Web advert
  • denner UK Web Banner Jul 2024
  • CET Web ad December 2023
  • HYB Web banner Jan 2024
  • Mito Web banner June 2024
  • Denner Feb 2024 Web Ad
  • Zhono Web ad March 2024
  • ITP Web ad January 2021
  • PCL Nov Web advert
  • PCL Nov Web advert
  • Denner Feb 2024 Web Ad
  • denner UK Web Banner Jul 2024
  • Mito Web banner June 2024
  • Zhono Web ad March 2024
  • HYB Web banner Jan 2024
  • CET Web ad December 2023
  • ITP Web ad January 2021
  • denner UK Web Banner Jul 2024
  • Mito Web banner June 2024
  • Denner Feb 2024 Web Ad
  • Zhono Web ad March 2024
  • PCL Nov Web advert
  • ITP Web ad January 2021
  • HYB Web banner Jan 2024
  • CET Web ad December 2023

The Recycler, Wittas House, Two Rivers, Station Lane, Witney, OX28 4BH, United Kingdom | Tel: +44 (0) 1993 899800 | Fax : +44 (0) 1993 226899
©2006-2023 The Recycler - Terms & Conditions - Privacy Policy including cookie use

Web design Dorset | Websites by Mark