Subscribe
About

Cyber criminals tap into data analytics to launch attacks

Staff Writer
By Staff Writer, ITWeb
Johannesburg, 15 Feb 2024
Distinguishing real from fake contnet will only get harder, says HP in its layest threat report.
Distinguishing real from fake contnet will only get harder, says HP in its layest threat report.

Cyber attackers continue to find innovative methods to deceive users and compromise endpoints, employing analytics to gauge 'victims per click'.

This is according to global technology firm HP’s Wolf Security Threat Insights Report, which details how cyber criminals diversify attack methods to bypass security policies and detection tools.

Using data gathered from consenting HP Wolf Security customers from October to December 2023, HP Wolf Security’s threat research team detected several notable campaigns. Among them was a DarkGate campaign which uses ad tools to enhance attacks.

The report details how cyber criminals continue to diversify attack methods to bypass security policies and detection tools.

Key findings include:

  • Archives remained the most popular malware delivery method for the seventh consecutive quarter, accounting for 30% of the malware analysed by HP,
  • At least 14% of e-mail threats identified by HP Sure Click bypassed one or more e-mail gateway scanners.
  • The top threat vectors in Q4 were e-mail (75%), downloads from browsers (13%), and other means like USB drives (12%).

Malicious PDF attachments, posing as OneDrive error messages, direct users to sponsored content hosted on a popular ad network. This leads to DarkGate malware.

HP notes: “By using ad services, threat actors can analyse which lures generate clicks and infect the most users – helping them refine campaigns for maximum impact. Threat actors can use CAPTCHA tools to prevent sandboxes from scanning malware and stopping attacks by ensuring only humans click. DarkGate hands backdoor access to cyber criminals into networks, exposing victims to risks like data theft and ransomware.”

Another noteworthy campaign involves a shift from macros to Office exploits. 

The company explains: “In Q4, at least 84% of attempted intrusions involving spreadsheets, and 73% involving Word documents, sought to exploit vulnerabilities in Office applications – continuing the trend away from macro-enabled Office attacks. But macro-enabled attacks still have their place, particularly for attacks leveraging cheap commodity malware like Agent Tesla and XWorm.”

HP also warns that PDF malware is on the rise and says 11% of malware analysed in Q4 used PDFs to deliver malware, compared to just 4% in Q1 and Q2 2023. A notable example was a WikiLoader campaign using a fake parcel delivery PDF to trick users into installing Ursnif malware.

Alex Holland, senior malware analyst in the HP Wolf Security threat research team, comments: “Cyber criminals are becoming adept at getting into our heads and understanding how we work. For instance, the design of popular cloud services is always being refined, so when a fake error message appears, it won’t necessarily raise an alarm, even if a user hasn’t seen it before. With GenAI generating even more convincing malicious content at little-to-no cost, distinguishing real from fake will only get harder.”

Dr Ian Pratt, global head of security for personal systems at HP Inc., adds, “Cyber criminals are applying the same tools a business might use to manage a marketing campaign to optimise their malware campaigns, increasing the likelihood the user will take the bait. To protect against well-resourced threat actors, organisations must follow zero trust principles, isolating and containing risky activities like opening e-mail attachments, clicking on links, and browser downloads."

Share