IT disaster recovery, cloud computing and information security news

Hackers are sharing ‘surprisingly capable’ tools to ‘supercharge capabilities’ says HP Threat Insights Report

HP has released its latest global Threat Insights Report, providing analysis of real-world cyber security attacks and vulnerabilities. The research shows a significant increase in the frequency and sophistication of cybercrime activity. The report identifies a 65 percent rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021.

The researchers noted hacking tools in wide circulation were surprisingly capable. For example, one tool can solve CAPTCHA challenges using computer vision techniques, namely optical character recognition (OCR), in order to perform credential stuffing attacks against websites. More broadly, the report found that cybercrime is more organized than ever, with underground forums providing a perfect platform for threat actors to collaborate and share attack tactics, techniques, and procedures.

“The proliferation of pirated hacking tools and underground forums are allowing previously low-level actors to pose serious risks to enterprise security,” says Dr. Ian Pratt, Global Head of Security, Personal Systems, HP Inc. “Simultaneously, users continue to fall prey to simple phishing attacks time and time again. Security solutions that arm IT departments to stay ahead of future threats are key to maximizing business protection and resilience.”

Other key findings in the report include:

  • 75 percent of malware detected was delivered via email, while web downloads were responsible for the remaining 25 percent. Threats downloaded using web browsers rose by 24 percent, partially driven by users downloading hacking tools and cryptocurrency mining software.
  • The most common email phishing lures were invoices and business transactions (49 percent), while 15 percent were replies to intercepted email threads. Phishing lures mentioning COVID-19 made up less than 1 percent, dropping by 77 percent from H2 2020 to H1 2021.
  • The most common types of malicious attachments were archive files (29 percent), spreadsheets (23 percent), documents (19 percent), and executable files (19 percent). Unusual archive file types – such as JAR (Java Archive files) – are being used to avoid detection and scanning tools, and to install malware that’s easily obtained in underground marketplaces.
  • The report found that 34 percent of malware captured was previously unknown, a 4 percent drop from H2 2020.
  • There was a 24 percent increase in malware that exploits CVE-2017-11882, a memory corruption vulnerability commonly used to exploit Microsoft Office or Microsoft WordPad and carry out fileless attacks.

Read the report (PDF).


