Hackers have completely diversified their attack methods in recent times, especially with the increase in phishing campaigns using QR codes. This is what emerges from the latest quarterly report from HP, HP Wolf Security Threat Insights.
Thanks to its insulation technology, HP Wolf Security has specific insight into the latest techniques used by cybercriminals, understanding the threats that have evaded detection tools and reached user endpoints. To date, customers with HP Wolf Security have clicked on more than 25 billion attachments email, web pages and downloaded without any violation being reported.
Since February 2022, Microsoft started blocking macros in Office files by defaultmaking it more difficult for attackers to execute malicious code.
Report Findings
Data collected by HP’s Threat Research team shows that since Q2 2022, attackers have diversified their techniques to find new ways to compromise devices and steal data. Based on data from millions of endpoints running HP Wolf Security, research has discovered:
- The rise of scams when scanning a QR code: since October 2022, HP has seen almost daily campaigns of “scanning scams” of QR codes. These scams trick users into scanning the codes from their computers using their mobile devices, potentially taking advantage of less phishing protection and detection on those devices. QR codes direct users to malicious websites where they are They ask for credit and debit card information. Examples that occurred in the fourth quarter include phishing campaigns that impersonate parcel companies to request payment.
- HP has seen a 38% increase in malicious PDF attachments: Recent attacks use embedded images that link to encrypted malicious ZIP files, bypassing web gateway scanners. The PDF instructions contain a password and the user is tricked into entering it and decompressing a ZIP file, deploying QakBot or IcedID malware to gain unauthorized access to systems, which are used as the first line to deploy ransomware.
- 42% of malware was introduced in compressed files such as ZIP, RAR and IMG: Archive popularity has increased 20% since Q1 2022 as threats shift to archive files scripts to execute your attacks. While 38% of malware is distributed through office files like Microsoft Word, Excel and PowerPoint.
“We have seen malware distributors such as Emotet attempt to circumvent Office’s stricter macro policy with complex social engineering tactics, which we believe are proving less effective. But when one door closes, another opens, as evidenced by the rise in scanning scams, malvertising, file and PDF malware.”, explains Alex Holland, principal malware analyst in the threat research team at HP Wolf Security, HP. “Users should be on the lookout for emails and websites that ask to scan QR codes and hand over sensitive data, as well as PDFs that link to password-protected files.”
In the fourth quarter, HP also discovered 24 known software projects imitated in malvertising campaigns used to infect PCs with eight families of malware, up from just two similar campaigns in the previous year. The attacks are based on users clicking on search engine ads, which lead to malicious websites that look almost identical to real websites.
“Although techniques evolve, threats continue to use social engineering to attack users at the endpoint”says Ian Pratt, HP’s global head of personal systems security. “Organizations must deploy strong isolation to contain the most common attack vectors, such as email, web browsing, and downloads. Combining this with credential protection solutions that warn or prevent users from entering sensitive data on suspicious sites greatly reduces the attack surface and improves an organization’s security posture.”
