The latest HP Wolf Security Threat Insights Report highlights a concerning trend: the rise of pre-packaged malware kits in cybercriminal marketplaces. These “meal kits” are providing even low-level attackers with sophisticated tools to evade detection and compromise organizational security. The report draws data from millions of endpoints equipped with HP Wolf Security,
Retro Malware with a Modern Twist
“Jekyll and Hyde” Attacks and Affordable Cybercrime Kits
Another alarming development is the emergence of “Jekyll and Hyde” attacks. In one identified campaign involving the Parallax RAT (Remote Access Trojan), attackers launched two threads when users opened a malicious scanned invoice. While one thread displayed a legitimate-looking invoice, the other ran the malware in the background. Such attacks have become more accessible, with pre-packaged Parallax kits being advertised on hacking forums for as little as $65 USD per month.
Alex Holland, Senior Malware Analyst at HP Wolf Security, notes, “Threat actors today can easily purchase pre-packaged, user-friendly malware ‘meal kits’ that infect systems with a single click. Instead of creating their own tools, low-level cybercriminals can access kits that use living-off-the-land tactics. These stealthy in-memory attacks are often harder to detect due to security tool exclusions for admin use, like automation.”
Deception in the Cybercriminal World
The report also sheds light on the deceptive practices within the cybercriminal community. Attackers are reportedly setting traps for aspiring cybercriminals by hosting fake malware-building kits on platforms like GitHub. Anyone who downloads and runs one of these fake kits ends up infecting their own machine. Despite the availability of popular malware kits like XWorm for $500 USD, many resource-strapped cybercriminals fall for these fake, cracked versions.
Insights from HP Wolf Security
HP Wolf Security’s unique approach involves isolating threats on PCs in a safe manner, allowing malware to detonate without causing harm. This method has provided HP with specific insights into cybercriminal techniques. Remarkably, HP Wolf Security customers have interacted with over 30 billion email attachments, web pages, and downloaded files without a single reported breach.
Diversified Cyber Attack Methods
The report further details the evolving tactics of cybercriminals:
- Archives remain the most popular malware delivery method, used in 36% of cases.
- Macro-enabled Excel add-in threats (.xlam) have risen significantly in popularity.
- At least 12% of email threats bypassed email gateway scanners.
- Q3 saw a notable increase in attacks using Excel (91%) and Word (68%) exploits.
- PDF threats rose by 5 percentage points compared to the previous quarter.
- The primary threat vectors were email (80%) and browser downloads (11%).
Holland emphasizes the importance of proactive measures: “To counter pre-packaged malware kits, businesses should isolate high-risk activities like opening email attachments and clicking links. This minimizes breach potential by reducing the attack surface.”
HP Wolf Security’s application isolation technology is a pivotal defense against threats that bypass conventional security tools, offering unique insights into intrusion techniques and threat actor behavior.
This data was collated from consenting HP Wolf Security customers during July-September 2023, providing a comprehensive view of current cybersecurity threats and trends.