Cybercriminals work together to drive greater profits
Cybercrime is getting more organized than ever, as threat actors increase collaboration and adapt methods to drive greater monetization, selling access to breached systems to organized criminal groups and ransomware gangs.
The latest HP Wolf Security Threat Insights Report, reveals a 65 percent rise in the use of hacking tools downloaded from underground forums and file sharing websites between the second half of 2020 and the first half of 2021.
Many tools in circulation are surprisingly capable too, with one using computer vision techniques to bypass CAPTCHA challenges and perform credential stuffing attacks against websites.
"The cybercrime ecosystem continues to develop and transform, with more opportunities for petty cybercriminals to connect with bigger players within organized crime, and download advanced tools that can bypass defenses and breach systems," says Alex Holland, senior malware analyst at HP. "We're seeing hackers adapt their techniques to drive greater monetization, selling access on to organized criminal groups so they can launch more sophisticated attacks against organizations. Malware strains like CryptBot previously would have been a danger to users who use their PCs to store cryptocurrency wallets, but now they also pose a threat to businesses. We see infostealers distributing malware operated by organized criminal groups -- who tend to favor ransomware to monetize their access."
The report also shows that 75 percent of malware detected was delivered via email, while web downloads were responsible for the remaining 25 percent. Threats downloaded using web browsers rose by 24 percent, partially driven by users downloading hacking tools and cryptocurrency mining software.
The most common email phishing lures are invoices and business transactions (49 percent), while 15 percent are replies to intercepted email threads. Phishing lures mentioning COVID-19 made up less than one percent, dropping by 77 percent from the end of 2020.
The most common type of malicious attachments are archive files (29 percent), spreadsheets (23 percent), documents (19 percent), and executable files (19 percent). Unusual archive file types -- such as JAR (Java Archive files) -- are being used to avoid detection and scanning tools, and install malware that’s easily obtained in underground marketplaces. Only 34 percent of the malware captured was previously unknown, a four percent drop from 2020.
"Cybercriminals are bypassing detection tools with ease by simply tweaking their techniques. We saw a surge in malware distributed via uncommon file types like JAR files -- likely used to reduce the chances of being detected by anti-malware scanners," adds Holland. "The same old phishing tricks are reeling in victims, with transaction-themed lures convincing users to click on malicious attachments, links and web pages."
You can get the full report from the HP site.