Recent research from HP Wolf Security has unveiled alarming trends in cyberattacks, highlighting how attackers are exploiting the growing phenomenon of 'click tolerance' among users.

The latest HP Threat Insights Report identifies a particularly insidious tactic: fake CAPTCHA verification tests. Attackers build counterfeit CAPTCHA pages whose "verification" steps walk the user through running a malicious command on their own machine, which in turn installs malware such as Lumma Stealer, an information-stealing trojan. Because the victim executes the command themselves, the initial step never arrives as an attachment that an email gateway could scan.

As Patrick Schläpfer, principal threat researcher in the HP Security Lab, notes, "A common thread across these campaigns is the use of obfuscation and anti-analysis techniques to slow down investigations. Even simple but effective defence evasion techniques can delay the detection and response of security operations teams."
Another concerning discovery is the deployment of surveillance malware, specifically XenoRAT, which gives attackers access to users' webcams and microphones. Using social engineering, cybercriminals convince users to enable macros in Word and Excel documents; the macro then installs the RAT, compromising the device and allowing sensitive data to be exfiltrated. This underscores the persistent risk posed by macro-enabled Office documents, a delivery vehicle that has been in use for years and still works when the user can be talked into clicking "Enable content".
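Because the macro only runs once the user enables it, the practical control is to spot macro-carrying attachments before they reach the inbox. The following is an added example, not code from HP or from the report: it inspects an Office Open XML package (.docm/.xlsm and friends are zip files) for the vbaProject.bin part and the matching content-type declaration, and flags the case where macro content sits behind a non-macro extension. The sample documents are constructed in memory for the example; the part names and the content type string are the real OOXML ones, but legacy OLE files (.doc/.xls) are a different format and are out of scope here.

```python
import io
import zipfile

CONTENT_TYPES_PART = "[Content_Types].xml"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
# Extensions where Office expects (and will run, once enabled) a VBA project.
MACRO_EXTENSIONS = {"docm", "dotm", "xlsm", "xltm", "xlam", "pptm", "potm", "ppam"}


def build_sample_document(with_macro: bool) -> bytes:
    """Build a minimal Word-style OOXML package in memory (constructed test data)."""
    overrides = [
        '<Override PartName="/word/document.xml" '
        'ContentType="application/vnd.openxmlformats-officedocument.'
        'wordprocessingml.document.main+xml"/>'
    ]
    parts = {"word/document.xml": b"<w:document/>"}
    if with_macro:
        overrides.append(
            f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
        )
        # Real vbaProject.bin is an OLE compound file; only the magic is needed here.
        parts["word/vbaProject.bin"] = b"\xd0\xcf\x11\xe0" + b"\x00" * 12
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        + "".join(overrides)
        + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(CONTENT_TYPES_PART, content_types)
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()


def vba_indicators(blob: bytes) -> list[str]:
    """Return reasons an OOXML blob carries VBA; [] if none, or if it is not a zip."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            names = z.namelist()
            for n in names:
                # Word keeps it under word/, Excel under xl/, PowerPoint under ppt/.
                if n.lower().endswith("vbaproject.bin"):
                    findings.append(f"VBA part present: {n}")
            if CONTENT_TYPES_PART in names:
                ct = z.read(CONTENT_TYPES_PART).decode("utf-8", "replace")
                if VBA_CONTENT_TYPE in ct:
                    findings.append("content type declares a vbaProject")
    except zipfile.BadZipFile:
        # Legacy OLE .doc/.xls need a different parser (e.g. oletools' olevba).
        return []
    return findings


def assess_attachment(filename: str, blob: bytes) -> dict:
    """Classify one attachment by content, not by the extension it was sent with."""
    findings = vba_indicators(blob)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    has_macro = bool(findings)
    mismatch = has_macro and ext not in MACRO_EXTENSIONS
    if mismatch:
        findings.append(f"macro content behind a non-macro extension .{ext}")
    return {
        "filename": filename,
        "has_macro": has_macro,
        "extension_mismatch": mismatch,
        "findings": findings,
    }


if __name__ == "__main__":
    for name, macro in (("report.docx", False), ("invoice.docm", True), ("invoice.doc", True)):
        print(assess_attachment(name, build_sample_document(macro)))
```

The extension check matters because the file extension does not decide whether Word or Excel will offer to run macros; the package contents do. A sample renamed to .doc still opens as a macro-enabled document, so a filter keyed on ".docm" alone is easy to bypass. Note that Excel 4.0 (XLM) macro sheets do not use vbaProject.bin at all and need a separate check.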
Additionally, HP's report highlights a novel method of malware delivery involving SVG images, which most systems open by default in a web browser. SVG is an XML format that may legitimately contain `<script>` elements and event-handler attributes, so a browser rendering an attacker-controlled SVG directly will execute any JavaScript embedded in it. Attackers are using this to deploy various payloads, including RATs and infostealers. The use of obfuscated Python scripts later in the same campaign illustrates how attackers are capitalising on Python's widespread popularity, particularly in AI and data science, where an interpreter is likely to be installed already.
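The practical consequence is that an SVG attachment should be triaged as an active document, not an image. The following is an added example, not code from HP or the report: a small scanner that walks the SVG's XML tree and reports the constructs that let a browser run code, namely `<script>` (and other host elements such as `<foreignObject>`), `on*` event-handler attributes, and `javascript:` URLs anywhere in an attribute value (which also catches SMIL `<animate>`/`<set>` tricks that swap an `href` at render time). Both sample SVGs are constructed for the example; the suspicious one uses a placeholder host name.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs for this example (not samples from the HP report).
BENIGN_SVG = b"""<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <circle cx="50" cy="50" r="40" fill="blue"/>
</svg>"""

SUSPICIOUS_SVG = b"""<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <rect width="10" height="10" onload="window.location='https://example.invalid/next'"/>
  <a xlink:href="javascript:void(0)"><text x="0" y="10">Click to view invoice</text></a>
  <script type="text/javascript"><![CDATA[ var p = atob('...'); ]]></script>
</svg>"""

# Elements that can carry or host script when a browser renders the SVG directly.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}


def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.split("}")[-1].lower()


def find_svg_script_indicators(svg_bytes: bytes) -> list[str]:
    """Return the reasons this SVG could execute code in a browser.

    An empty list means no indicator was found; it is not proof of safety.
    """
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        # Malformed XML is itself worth flagging for something claiming to be an image.
        return [f"unparseable XML: {exc}"]

    findings = []
    for elem in root.iter():
        tag = _local(elem.tag) if isinstance(elem.tag, str) else ""
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in elem.attrib.items():
            name = _local(attr)
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            if "javascript:" in value.strip().lower():
                findings.append(f"javascript: URL in {name} on <{tag}>")
    return findings


def should_block_svg(svg_bytes: bytes) -> bool:
    """Policy helper for a mail gateway or upload handler: block on any indicator."""
    return bool(find_svg_script_indicators(svg_bytes))


if __name__ == "__main__":
    print("benign:", find_svg_script_indicators(BENIGN_SVG))
    print("suspicious:", find_svg_script_indicators(SUSPICIOUS_SVG))
```

This is a triage check, not a sanitiser: it tells you which SVGs deserve detonation or outright blocking. If you must serve user-supplied SVGs, the stronger control is to never render them as a document at all, for instance by serving them with a `Content-Disposition: attachment` header or converting them to a raster format server-side.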

Dr. Ian Pratt, global head of Security for Personal Systems at HP, commented on the implications of these findings: "Multi-step authentication is now the norm, which is increasing our ‘click tolerance.’ The research shows users will take multiple steps along an infection chain, really underscoring the shortcomings of cyber awareness training."
As attackers diversify their methods to circumvent security measures, organisations must adapt their strategies accordingly. The report indicates that at least 11% of the email threats it identified had bypassed one or more email gateway scanners before being caught on the endpoint, and that executables were the most common malware delivery type, ahead of archive files.
In an era where AI enhances the capabilities of both attackers and defenders, organisations should focus on reducing their attack surface by isolating risky actions such as opening email attachments, following links and downloading files, so that a successful lure is contained rather than handed the user's endpoint. This approach lets businesses withstand threats they have not seen before without needing to anticipate every potential attack vector.