Rather than using alternative methods, cybercriminals prefer to launch most phishing attacks via email

Jul 28, 2021 15:49 GMT

A recent report published by HP, titled HP Wolf Security Threat Insights Report, shows that in the first half of 2021 email was the most used method of spreading malware and other threats, accounting for 75% of all threats.

Researchers at HP found that the number of hacking tools downloaded from file-sharing sites and hacking forums increased 65% from the second half of 2020. Some of the hacking tools are becoming increasingly sophisticated and are capable of defeating CAPTCHA obstacles by utilizing the most recent computer vision algorithms.

The investigation suggests that affiliates of Dridex, now the top malware family isolated by HP Wolf Security, sold access to breached organizations, including to ransomware gangs. Some cybercriminal gangs are now using CryptBot malware to spread DanaBot, a banking Trojan, and cyber attackers are increasingly targeting corporate executives.

Shipping, manufacturing, real estate, commodity traffic, maritime transport, and industrial supplies are among the sectors most affected. Ian Pratt, global head of security at HP, warned that the growth of unlicensed hacking tools and underground forums has enabled previously unsophisticated actors to pose significant threats to corporate security.

Campaigns target corporate executives

A multi-stage Visual Basic Script (VBS) malware campaign was discovered in March by HP Wolf Security. The campaign was aimed at senior executives. The targets were sent a malicious ZIP attachment containing their first and last names.

The threat actor likely obtained sensitive information such as email addresses and full names from sources freely available online. The archives contained an obfuscated VBS downloader, which fetched a second VBS script from a remote server and stored it in the user's %TEMP% folder. The first-stage script was well hidden and poorly detected: just 21% of the virus scanners on VirusTotal identified it as malicious.

Threat actors keep exploiting old Microsoft Office flaws 

The organization has also uncovered a resume-themed malicious spam campaign targeting logistics, maritime, shipping, and related companies across the United Kingdom, Chile, Italy, Japan, the Philippines, the United States, and Pakistan. The cyberattacks leverage a vulnerability in Microsoft Office to run the commercially available Remcos RAT (Remote Access Tool) and gain backdoor access to PCs.

The days of cybercriminals exploiting the COVID-19 pandemic as bait appear to be over: less than 1% of emails contain references to the pandemic, and use of the pandemic as a lure declined by 77% between the second half of 2020 and the first half of 2021. The research notes that threats downloaded via web browsers increased by 24%, driven mostly by malware for cryptocurrency mining.