PALO ALTO, Calif.—In a year when cybersecurity threats have already shut down websites and operations at some TV stations, the newest HP global Threat Insights Report finds “increasing cybercrime sophistication and a boom in monetization and hacking tools, while end users are still vulnerable to old tricks.”
The report from HP Wolf Security threat research team found a 65% rise in the use of hacking tools downloaded from underground forums and file sharing websites from the second half of 2020 to the first half of 2021.
Cybercrime is more organized than ever, with underground forums providing a perfect platform for threat actors to collaborate and share attack tactics, techniques and procedures, the report noted.
“The proliferation of pirated hacking tools and underground forums are allowing previously low-level actors to pose serious risks to enterprise security,” says Dr. Ian Pratt, global head of security, Personal Systems, HP Inc. “Simultaneously, users continue to fall prey to simple phishing attacks time and time again. Security solutions that arm IT departments to stay ahead of future threats are key to maximizing business protection and resilience.”
The report also found that cybercriminal collaboration is opening the door to bigger attacks against victims with Dridex affiliates selling access to breached organizations to other threat actors, so they can distribute ransomware. The drop in Emotet activity in Q1 2021 has led to Dridex becoming the top malware family isolated by HP Wolf Security.
Information stealers have also launched nastier malware. CryptBot malware – historically used as an infostealer to siphon off credentials from cryptocurrency wallets and web browsers – is also being used to deliver DanaBot – a banking trojan operated by organized crime groups, the researchers explained.
“The cybercrime ecosystem continues to develop and transform, with more opportunities for petty cybercriminals to connect with bigger players within organized crime, and download advanced tools that can bypass defenses and breach systems,” observed Alex Holland, senior malware analyst, HP Inc. “We’re seeing hackers adapt their techniques to drive greater monetization, selling access on to organized criminal groups so they can launch more sophisticated attacks against organizations. Malware strains like CryptBot previously would have been a danger to users who use their PCs to store cryptocurrency wallets, but now they also pose a threat to businesses. We see infostealers distributing malware operated by organized criminal groups – who tend to favor ransomware to monetize their access.”
Currently, about 75% of malware detected was delivered via email, while web downloads were responsible for the remaining 25%. Threats downloaded using web browsers rose by 24%, partially driven by users downloading hacking tools and cryptocurrency mining software, the researchers found.
The most common email phishing lures were invoices and business transactions (49%), while 15% were replies to intercepted email threads. Phishing lures mentioning COVID-19 made up less than 1%, dropping by 77% from the second half of 2020 to the first half of 2021.
The most common type of malicious attachments were archive files (29%), spreadsheets (23%), documents (19%), and executable files (19%).
In addition unusual archive file types – such as JAR (Java Archive files) – are being used to avoid detection and scanning tools, and install malware that’s easily obtained in underground marketplaces.
“As cybercrime becomes more organized, and smaller players can easily obtain effective tools and monetize attacks by selling on access, there’s no such thing as a minor breach,” concluded Pratt. “The endpoint continues to be a huge focus for cybercriminals. Their techniques are getting more sophisticated, so it’s more important than ever to have comprehensive and resilient endpoint infrastructure and cyber defense. This means utilizing features like threat containment to defend against modern attackers, minimizing the attack surface by eliminating threats from the most common attack vectors – email, browsers, and downloads.”
The data for the report was gathered within HP Wolf Security customer virtual-machines from January to June 2021.
The Threats Insight Report can be accessed here.
