HP Report: Cybercriminals Use GenAI and Malware Kits to Enhance Attacks

News Desk -


HP Inc. (NYSE: HPQ) has released its latest Threat Insights Report, revealing how cybercriminals are using malware kits and generative artificial intelligence (GenAI) to make their attacks more effective and efficient. These tools cut the time and skill needed to build the malicious components of a campaign, leaving attackers free to concentrate on evading detection and deceiving victims, for example by hiding harmful code inside seemingly innocent image files.

The report, based on telemetry from millions of endpoints running HP Wolf Security, analyses real-world attacks and highlights the tactics cybercriminals are currently using. Notable campaigns identified by HP's threat researchers include large-scale operations spreading the VIP Keylogger and 0bj3ctivityStealer malware. Both campaigns used the same loaders and techniques, suggesting that a shared malware kit is being used to deliver different payloads. The attackers hid the malicious code inside images hosted on legitimate file-hosting sites such as archive.org, which let the downloads slip past network controls such as web proxies that rely on reputation-based filtering, since the hosting domain itself has a good reputation.
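One practical check a defender can run on images fetched from otherwise trusted hosts is whether the file carries data after its real end-of-image marker. The example below is added here and is not code from the HP report; it assumes the payload is stored in the trailer of an otherwise valid PNG or JPEG (a common way to "hide code in an image", though not the only one) and that the trailer may be Base64-encoded. It walks the PNG chunk list to the IEND chunk, or the JPEG segment list to the real EOI marker (skipping byte-stuffed 0xFF bytes inside scan data, so an embedded 0xFFD9 in the pixel stream does not cause a false cut), and returns whatever follows. The sample images and the `SAMPLE_PAYLOAD` stand-in are constructed for the example.

```python
"""Added example: detect data appended after an image's end-of-image marker.
Assumption: the hidden payload sits in the trailer of a structurally valid PNG
or JPEG and may be Base64-encoded. Samples below are constructed, not real."""
import base64
import re
import struct
import zlib
from typing import Optional

PNG_SIG = b"\x89PNG\r\n\x1a\n"
B64_BLOB = re.compile(rb"^[A-Za-z0-9+/]{64,}={0,2}$")


def png_end_offset(data: bytes) -> Optional[int]:
    """Walk the PNG chunk list; return the offset just past the IEND chunk."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4            # length + type + data + CRC
        if ctype == b"IEND":
            return pos if pos <= len(data) else None
    return None


def jpeg_end_offset(data: bytes) -> Optional[int]:
    """Walk JPEG segments to SOS, then skip entropy-coded data to the real EOI marker."""
    if not data.startswith(b"\xff\xd8"):
        return None
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xD9:               # EOI reached without any scan
            return pos + 2
        if pos + 4 > len(data):
            return None
        pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker != 0xDA:               # not SOS: ordinary length-prefixed segment
            continue
        # Inside scan data, 0xFF is always followed by 0x00 (stuffing) or RSTn (0xD0-0xD7);
        # the first 0xFF followed by anything else is a genuine marker.
        while pos + 1 < len(data):
            nxt = data[pos + 1]
            if data[pos] == 0xFF and not (nxt == 0x00 or 0xD0 <= nxt <= 0xD7):
                if nxt == 0xD9:
                    return pos + 2
                break                    # another marker (e.g. DHT between scans): resume walk
            pos += 1
        else:
            return None
    return None


def trailing_payload(data: bytes) -> Optional[bytes]:
    """Return the bytes that follow the image's end marker, or None if there are none."""
    end = png_end_offset(data)
    if end is None:
        end = jpeg_end_offset(data)
    if end is None or end >= len(data):
        return None
    return data[end:]


def decoded_trailer(data: bytes) -> Optional[bytes]:
    """Return the trailer, Base64-decoded when it is a clean Base64 blob, otherwise raw."""
    tail = trailing_payload(data)
    if tail is None:
        return None
    compact = b"".join(tail.split())     # tolerate line-wrapped Base64
    if B64_BLOB.match(compact):
        try:
            return base64.b64decode(compact, validate=True)
        except ValueError:               # binascii.Error is a ValueError subclass
            pass
    return tail


# --- constructed samples (not real campaign artefacts) ---
def _png_chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

SAMPLE_PAYLOAD = b"MZ" + b"\x90" * 62 + b"constructed stand-in for a dropped executable"
CLEAN_PNG = (PNG_SIG
             + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
             + _png_chunk(b"IEND", b""))
STEGO_PNG = CLEAN_PNG + base64.b64encode(SAMPLE_PAYLOAD)

CLEAN_JPEG = (b"\xff\xd8"
              + b"\xff\xe0" + struct.pack(">H", 4) + b"\x00\x00"   # APP0 with 2 data bytes
              + b"\xff\xda" + struct.pack(">H", 4) + b"\x00\x00"   # SOS header
              + b"\x12\xff\x00\x34"                                # scan data with a stuffed 0xFF
              + b"\xff\xd9")                                       # EOI
STEGO_JPEG = CLEAN_JPEG + b"\n" + base64.b64encode(SAMPLE_PAYLOAD) + b"\n"

if __name__ == "__main__":
    for name, img in [("clean.png", CLEAN_PNG), ("stego.png", STEGO_PNG), ("stego.jpg", STEGO_JPEG)]:
        tail = decoded_trailer(img)
        print(name, "no trailer" if tail is None else f"trailer of {len(tail)} bytes, starts {tail[:2]!r}")
```

A trailer is not proof of malice (some cameras and editors append metadata), so in practice the decoded bytes are worth checking for executable or script magic before raising an alert; the point is that reputation filtering on the hosting domain never looks at this at all.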

The report also highlights the growing role of GenAI in producing malicious HTML documents. Researchers found that an XWorm remote access trojan (RAT) campaign used HTML smuggling: the HTML attachment itself carried the code that downloaded and executed the malware on the victim's machine. As in an earlier AsyncRAT campaign, the code showed clear signs of having been written with GenAI assistance, demonstrating how these tools lower the effort needed to build the delivery stage of an attack.
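HTML smuggling works because the attachment arrives as harmless-looking markup and only assembles the real file in the victim's browser, so a gateway that scans attachments for known file types sees none. The triage script below is an added example and is not HP's detection logic; its indicator list and verdict rule are this example's own heuristics. It looks for the two things a smuggling page needs, a way to assemble a file client-side (`atob`, `new Blob`) and a way to hand it to the user (`URL.createObjectURL`, `msSaveOrOpenBlob`, a `download` attribute, a synthetic `click()`), and additionally decodes long Base64 string literals and classifies them by file magic. Both sample attachments are constructed for the example.

```python
"""Added example: static triage of an HTML attachment for HTML-smuggling markers.
Assumptions: indicator list and verdict rule are this example's own heuristics;
both sample attachments are constructed."""
import base64
import re
from typing import Dict, List, Tuple

# A smuggling page must (1) assemble a file in the browser and (2) deliver it to the
# user. Each primitive is common on its own; the combination is the signal.
INDICATORS = {
    "atob": re.compile(r"\batob\s*\("),
    "blob_ctor": re.compile(r"new\s+Blob\s*\("),
    "object_url": re.compile(r"URL\.createObjectURL\s*\("),
    "ms_save": re.compile(r"msSaveOrOpenBlob\s*\("),
    "download_attr": re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']"),
    "auto_click": re.compile(r"\.click\s*\(\s*\)"),
}
ASSEMBLY = {"atob", "blob_ctor"}
DELIVERY = {"object_url", "ms_save", "download_attr", "auto_click"}

# The smuggled file usually lives in a long Base64 string literal.
B64_LITERAL = re.compile(r"[\"']([A-Za-z0-9+/]{200,}={0,2})[\"']")
MAGIC = [(b"MZ", "PE executable"), (b"PK\x03\x04", "ZIP archive"),
         (b"%PDF", "PDF"), (b"\x7fELF", "ELF executable")]


def carve_embedded(html: str) -> List[Tuple[str, int]]:
    """Decode every long Base64 literal and classify it by file magic."""
    found = []
    for m in B64_LITERAL.finditer(html):
        try:
            raw = base64.b64decode(m.group(1), validate=True)
        except ValueError:
            continue
        kind = next((name for magic, name in MAGIC if raw.startswith(magic)), "unknown")
        found.append((kind, len(raw)))
    return found


def scan_html(html: str) -> Dict[str, object]:
    """Return a verdict plus the indicators and carved payloads that support it."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(html)]
    embedded = carve_embedded(html)
    if ASSEMBLY & set(hits) and DELIVERY & set(hits):
        verdict = "smuggling"
    elif hits or embedded:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "indicators": hits, "embedded": embedded}


# --- constructed samples ---
_FAKE_ZIP = base64.b64encode(b"PK\x03\x04" + b"\x00" * 200).decode()   # 204-byte stand-in archive
SMUGGLED_HTML = f"""<html><body><p>Your invoice is loading...</p><script>
var payload = "{_FAKE_ZIP}";
var bytes = Uint8Array.from(atob(payload), c => c.charCodeAt(0));
var blob = new Blob([bytes], {{type: "application/zip"}});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "invoice.zip";
document.body.appendChild(a);
a.click();
</script></body></html>"""

BENIGN_HTML = """<html><body><h1>Quarterly newsletter</h1>
<p>Copyright <span id="y"></span></p>
<script>document.getElementById("y").textContent = new Date().getFullYear();</script>
</body></html>"""

if __name__ == "__main__":
    for name, doc in [("smuggled", SMUGGLED_HTML), ("benign", BENIGN_HTML)]:
        print(name, scan_html(doc))
```

Real campaigns often obfuscate the JavaScript or split the Base64 across several literals, so a static check like this is a first-pass filter rather than a verdict; the report's own point is that such content is safest opened inside an isolated environment regardless of what a scanner concludes.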

Additionally, the report reveals that cybercriminals are targeting gamers by compromising game cheat tools and modding repositories hosted on GitHub, injecting Lumma Stealer malware into the executable files they offer. This infostealer harvests sensitive information, including saved passwords and cryptocurrency wallet details. Many gamers disable their security tools while downloading cheats, which raises their risk of infection.

According to Alex Holland, Principal Threat Researcher at HP Security Lab, “The commodification of cybercrime is accelerating. Malware kits, combined with GenAI scripting, make it easier for even novice attackers to launch effective campaigns. This allows them to focus on deceiving targets and selecting the most effective payloads, such as targeting gamers with malicious cheat repositories.”

Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc., emphasized that cybercriminals are rapidly evolving their attack methods. “Instead of relying solely on detection tools, organizations should reduce their attack surface by isolating risky activities like opening email attachments or clicking on links,” he said.

Key findings from the report include:

  • 11% of email threats bypassed one or more email gateway scanners.
  • 40% of malware was delivered via executables, with 34% via archive files.
  • A rise in .lzh archive attachments was observed; most of the malicious .lzh archives targeted Japanese-speaking users.

HP Wolf Security protects users by running risky tasks such as opening email attachments, downloading files and clicking links inside hardware-enforced virtual machines, so that an attempted infection is contained without disrupting productivity. Because malware is allowed to run to completion inside the isolated machine, the solution captures detailed traces of each attempted infection, and that telemetry is the basis for the report's insight into cybercriminal tactics. HP Wolf Security customers have clicked on over 65 billion email attachments, web pages and downloads, and the technology continues to deliver effective protection against evolving threats.

For more information, download the full HP Threat Insights Report covering Q3 2024.