HP Inc. has released its latest global Threat Insights Report, providing analysis of real-world cybersecurity attacks and vulnerabilities. The research shows a significant increase in the frequency and sophistication of cybercrime activity, including a 65% rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021.
The researchers noted hacking tools in wide circulation were surprisingly capable. For example, one tool can solve CAPTCHA challenges using computer vision techniques, namely optical character recognition (OCR), in order to perform credential stuffing attacks against websites. More broadly, the report found that cybercrime is more organized than ever, with underground forums providing a perfect platform for threat actors to collaborate and share attack tactics, techniques and procedures.
“The proliferation of pirated hacking tools and underground forums are allowing previously low-level actors to pose serious risks to enterprise security,” says Dr. Ian Pratt, Global Head of Security, Personal Systems, HP Inc.“Simultaneously, users continue to fall prey to simple phishing attacks time and time again. Security solutions that arm IT departments to stay ahead of future threats are key to maximizing business protection and resilience.”
Notable threats isolated by HP Wolf Security included:
- Cybercriminal collaboration is opening the door to bigger attacks against victims: Dridex affiliates are selling access to breached organizations to other threat actors, so they can distribute ransomware. The drop in Emotet activity in Q1 2021 has led to Dridex becoming the top malware family isolated by HP Wolf Security.
- Information stealers delivering nastier malware: CryptBot malware – historically used as an infostealer to siphon off credentials from cryptocurrency wallets and web browsers – is also being used to deliver DanaBot – a banking trojan operated by organized crime groups.
- VBS downloader campaign targeting business executives: A multi-stage Visual Basic Script (VBS) campaign is sharing malicious ZIP attachments named after the executive it’s targeting. It deploys a stealthy VBS downloader before using legitimate SysAdmin tools to “live off the land”, persisting on devices and delivering malware.
- From application to infiltration: A résumé-themed malicious spam campaign targeted shipping, maritime, logistics and related companies in seven countries (Chile, Japan, UK, Pakistan, US, Italy and the Philippines), exploiting a Microsoft Office vulnerability to deploy the commercially-available Remcos RAT and gain backdoor access to infected computers.
Discussion about this post