Hackers are sharing ‘surprisingly capable’ tools to ‘supercharge capabilities’ says HP Threat Insights Report
- Published: Wednesday, 28 July 2021 08:48
HP has released its latest global Threat Insights Report, providing analysis of real-world cyber security attacks and vulnerabilities. The research shows a significant increase in the frequency and sophistication of cybercrime activity. The report identifies a 65 percent rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021.
The researchers noted hacking tools in wide circulation were surprisingly capable. For example, one tool can solve CAPTCHA challenges using computer vision techniques, namely optical character recognition (OCR), in order to perform credential stuffing attacks against websites. More broadly, the report found that cybercrime is more organized than ever, with underground forums providing a perfect platform for threat actors to collaborate and share attack tactics, techniques, and procedures.
“The proliferation of pirated hacking tools and underground forums are allowing previously low-level actors to pose serious risks to enterprise security,” says Dr. Ian Pratt, Global Head of Security, Personal Systems, HP Inc. “Simultaneously, users continue to fall prey to simple phishing attacks time and time again. Security solutions that arm IT departments to stay ahead of future threats are key to maximizing business protection and resilience.”
Other key findings in the report include:
- 75 percent of malware detected was delivered via email, while web downloads were responsible for the remaining 25 percent. Threats downloaded using web browsers rose by 24 percent, partially driven by users downloading hacking tools and cryptocurrency mining software.
- The most common email phishing lures were invoices and business transactions (49 percent), while 15 percent were replies to intercepted email threads. Phishing lures mentioning COVID-19 made up less than 1 percent, dropping by 77 percent from H2 2020 to H1 2021.
- The most common types of malicious attachments were archive files (29 percent), spreadsheets (23 percent), documents (19 percent), and executable files (19 percent). Unusual archive file types, such as JAR (Java Archive) files, are being used to avoid detection and scanning tools, and install malware that’s easily obtained in underground marketplaces.
- The report found that 34 percent of malware captured was previously unknown, a 4 percent drop from H2 2020.
- There was a 24 percent increase in malware that exploits CVE-2017-11882, a memory corruption vulnerability commonly used to exploit Microsoft Office or Microsoft WordPad and carry out fileless attacks.
Read the report (PDF).