- Trump taps Sriram Krishnan for AI advisor role amid strategic shift in tech policy
- 5 network automation startups to watch
- 4 Security Controls Keeping Up with the Evolution of IT Environments
- ICO Warns of Festive Mobile Phone Privacy Snafu
- La colaboración entre Seguridad y FinOps puede generar beneficios ocultos en la nube
Trends in the threat landscape
Each quarter HP’s security experts highlight notable malware campaigns, trends and techniques identified by HP Wolf Security. By isolating threats that have evaded detection tools and made it to endpoints, HP Wolf Security gives an insight into the latest techniques used by cybercriminals, equipping security teams with the knowledge to combat emerging threats and improve their security postures.
Discover the following highlights uncovered this quarter.
- Threat actors continued to thrive off living-off-the-land tactics in Q3, abusing tools built into Windows to conduct their attacks. The HP Threat Research team identified a new malware campaign that relied entirely on living-off-the-land tools. The attackers impersonated a shipping company to spread Vjw0rm and Houdini script malware.2 3 But time may be up for these malware families, given the deprecation of VBScript announced by Microsoft in October 2023. We expect threat actors will shift to tools written in other interpreted languages like Batch and PowerShell in response.
- The team identified a surge in the abuse of Excel add-in (XLL) files in Q3.5 Macro-enabled Excel add-in malware rose to the 7th most popular file extension used by attackers, up from 46th place in Q2. HP Wolf Security detected attackers trying to infect devices with Parallax RAT through malicious Excel add-ins masquerading as scanned invoices.
- In Q3, HP Wolf Security detected a malware campaign targeting hotels in Latin America with macro-enabled PowerPoint add-ins. The presentations, sent via email, were disguised as information from a hospitality management software vendor.
- HP uncovered attackers hosting fake remote access trojans (RATs) on GitHub, attempting to trick inexperienced cybercriminals into infecting their own PCs. The code repositories claim to contain full versions of a popular malware kit called XWorm that sells for up to $500 USD, but instead downloads and runs malware on the aspiring hacker’s machine.
Click here to read the full report. To find out more about HP’s Workforce Security Solutions click here.