HP has released the latest global Threat Predictions Report, which analyzes cybersecurity attacks and vulnerabilities. The research shows a 65 percent increase in the use of cyberattack tools downloaded from file sharing websites from the second half of 2020 to the first half of 2021.
Researchers state that widely circulated cyberattack tools come with many features. For example, some can solve CAPTCHA challenges using computer vision techniques such as optical character recognition (OCR) in order to perform credential stuffing attacks against websites.
Dr. Ian Pratt, Global Head of Security for Personal Systems at HP, said:
“The proliferation of cyberattack tools and underground forums allows previously low-level actors to pose serious risks to corporate security. At the same time, users continue to fall victim to simple phishing attacks. Security solutions that equip IT departments to prevent future threats before they happen are key to maximizing companies’ protection and resilience.”
Among the key threats HP Wolf Security has identified are the following:
Cybercriminals work together to open the door to greater attacks: Parties affiliated with Dridex sell access to compromised companies to other threat actors so they can distribute ransomware. The decline in Emotet activity in the first quarter of 2021 has resulted in Dridex becoming the most advanced malware family detected by HP Wolf Security.
Information stealers deliver malware with greater consequences: CryptBot malware, previously used as an information stealer to extract credentials from cryptocurrency wallets and web browsers, is now also being used to deliver DanaBot, a banking trojan operated by organized crime groups.
VBS downloader targeting corporate administrators: A multi-stage Visual Basic Script (VBS) campaign distributes malicious ZIP attachments named after the administrator it targets. It then installs a hidden VBS downloader before using legitimate system administration tools to persist on devices and distribute malware.
Malware disguised as job applications is infiltrating companies: A résumé-themed malicious spam campaign targeting shipping, logistics and related companies in seven countries (Chile, Japan, the UK, Pakistan, the USA, Italy and the Philippines) exploits a Microsoft Office vulnerability to deploy the Remcos RAT and gain backdoor access to infected computers.
“In the cybercrime ecosystem, the opportunity for small cybercriminals to connect with larger players in organized crime and download advanced tools that can bypass defenses and breach systems is increasing,” said Alex Holland, Senior Malware Analyst at HP. “That’s why the ecosystem continues to evolve and transform. We see cyber attackers changing their techniques to make more money and selling access to organized crime groups so they can launch more sophisticated attacks against companies. Malware strains such as CryptBot formerly posed a danger to users who used their computers to store their cryptocurrency wallets. But now it has become a threat to companies as well. We see information thieves distributing malware run by organized crime groups that tend to opt for ransomware to monetize their access to cyber-attack tools.”
Other key findings in the report include:
75 percent of detected malware was delivered via email, while the remaining 25 percent was downloaded from websites. Threats downloaded via web browsers increased by 24 percent, driven partly by users downloading cyberattack tools and cryptocurrency mining software.
The most common email phishing lures were invoices and business transactions (49 percent), while 15 percent were replies inserted into compromised email threads. Phishing lures referencing COVID-19 made up less than 1 percent, down 77 percent from the second half of 2020 to the first half of 2021.
The most common types of malicious attachments were archive files (29 percent), spreadsheets (23 percent), documents (19 percent) and executable files (19 percent). Unusual archive file types such as JAR (Java Archive) files are used to evade detection and scanning tools and to deploy malware that is readily available on underground markets.
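One defensive check a mail gateway can apply against the evasion described above is to classify attachments by their content rather than their filename, so that a JAR (a ZIP carrying `META-INF/MANIFEST.MF`) or an executable is flagged even when it is named like a document. The script below is an added example, not code from HP or the report; the sample attachments are constructed in memory and the category names follow the report's breakdown.

```python
import io
import zipfile
from collections import Counter

def _zip_bytes(members):
    """Build an in-memory ZIP from {name: bytes}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample attachments (filename, bytes); not data from the HP report.
SAMPLE_ATTACHMENTS = [
    ("invoice.xlsx", _zip_bytes({"[Content_Types].xml": b"<Types/>", "xl/workbook.xml": b"<workbook/>"})),
    ("contract.docx", _zip_bytes({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w/>"})),
    ("payment.zip", _zip_bytes({"payment.vbs": b"WScript.Echo 1"})),
    ("update.jar", _zip_bytes({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n", "Main.class": b"\xca\xfe\xba\xbe"})),
    ("scan.pdf", _zip_bytes({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n", "A.class": b"\xca\xfe\xba\xbe"})),
    ("setup.exe", b"MZ" + b"\x00" * 62),
]

# Extensions a file of each content type is expected to carry.
EXPECTED_EXT = {"archive:jar": {".jar"}, "archive:zip": {".zip"},
                "spreadsheet": {".xlsx", ".xlsm"}, "document": {".docx", ".docm"},
                "executable": {".exe", ".dll"}}

def classify(data):
    """Classify an attachment by its bytes, never by its filename extension."""
    if data[:2] == b"MZ":                        # PE executable header
        return "executable"
    if data[:4] != b"PK\x03\x04":                # not a ZIP-based container
        return "other"
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return "other"
    if "META-INF/MANIFEST.MF" in names:          # JAR: a ZIP carrying a Java manifest
        return "archive:jar"
    if any(n.startswith("xl/") for n in names):  # OOXML spreadsheet
        return "spreadsheet"
    if any(n.startswith("word/") for n in names):  # OOXML document
        return "document"
    return "archive:zip"

def triage(attachments):
    """Return (type counts, flagged items) for a list of (filename, bytes)."""
    counts, flagged = Counter(), []
    for name, data in attachments:
        kind = classify(data)
        counts[kind] += 1
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        mismatch = kind in EXPECTED_EXT and ext not in EXPECTED_EXT[kind]
        if mismatch or kind in ("archive:jar", "executable"):
            flagged.append((name, kind, "extension mismatch" if mismatch else "risky type"))
    return counts, flagged
```

Running `triage(SAMPLE_ATTACHMENTS)` flags the JAR named `update.jar`, the JAR disguised as `scan.pdf`, and the executable, while the spreadsheet, document and plain ZIP are only counted.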
The report found that 34 percent of the malware caught was previously unknown, a 4 percent decrease compared to the second half of 2020.
Malware exploiting CVE-2017-11882 increased by 24 percent; this vulnerability is widely used to attack Microsoft Office and Microsoft WordPad and to carry out fileless attacks.