HP Report Surfaces Shifts in Cyber Attack Tactics

HP Wolf Security has published a report that finds that the tactics and techniques being used by cybercriminals are evolving. In contrast, different cybercriminals continue to exploit weaknesses that are simple to exploit.

For example, cybercriminals use an advanced WikiLoader campaign to exploit open redirect vulnerabilities within websites to circumvent detection. Users are directed to trustworthy sites, often via fake advertisements, before being redirected to malicious sites.

Elsewhere, cybercriminals have been observed hiding malware inside HTML files that are fake delivery invoices which, once opened, unleash a series of events that result in AsyncRAT malware being deployed.

Other cybercriminals use the Windows Background Intelligent Transfer Service (BITS), a mechanism used by programmers and system administrators to download or upload files to web servers and file shares, to download malicious files.

Alex Holland, senior malware analyst for HP Wolf Security, said that, in general, cybercriminals are becoming more adept at targeting individuals within specific enterprises. He noted that rather than relying on a spray-and-pray approach to launching attacks, cybercriminals are trying to find the path of least resistance for launching a targeted attack at the least cost possible.

Overall, the HP Wolf Security report identifies email attachments (53%), downloads from browsers (25%) and other infection vectors, such as removable storage, such as USB thumb drives and file shares (22%), as the top three threat vectors.

The report noted that, additionally, at least 65% of document threats relied on an exploit to execute code, rather than macros.

Finally, at least 12% of email threats identified bypassed one or more email gateway scanners.

Daily Reports of New Vulnerabilities

Despite daily reports of new vulnerabilities that can be exploited, cybercriminals are not inclined to invest the time and effort required to exploit them when simpler methods are readily available. Most organizations would significantly improve their cybersecurity posture by focusing more on improving fundamentals, such as blocking exotic file types, rather than tracking every new potential exploit, noted Holland. He added that the more isolated risky types of content are, the better the overall state of cybersecurity will be.

Of course, it remains to be seen how cyber threats will evolve in the age of artificial intelligence (AI). It’s probable cyberattacks will increase in volume and sophistication but to what degree remains anybody’s guess when existing methods remain effective. The one certain thing, however, is most cybersecurity teams in the face of the ongoing shortage of expertise will need to rely more on AI to combat a wide range of cybersecurity threats.

In the meantime, cybersecurity teams should take a hard look at the manual tasks they perform today with an eye toward either relying on AI and other forms of automation to eliminate them or outsourcing them to an external security service provider better equipped to handle them. Most organizations have limited cybersecurity resources so ensuring they are optimally employed is imperative when the number of adversaries only continues to expand.