HP Catches Cybercriminals ‘Cat-Phishing’ Users

Posted on May 21, 2024

HP Inc has issued its quarterly HP Wolf Security Threat Insights Report, showing attackers are relying on open redirects, overdue invoice lures, and Living-off-the-Land (LotL) techniques to sneak past defences. The report provides an analysis of real-world cyberattacks, helping organizations to keep up with the latest techniques cybercriminals use to evade detection and breach PCs in the fast-changing cybercrime landscape.

Based on data from millions of endpoints running HP Wolf Security, notable campaigns identified by HP threat researchers include:

  • Attackers using open redirects to ‘Cat-Phish’ users:In an advanced WikiLoader campaign, attackers exploited open redirect vulnerabilities within websites to circumvent detection. Users were directed to trustworthy sites, often through open redirect vulnerabilities in ad embeddings. They were then redirected to malicious sites – making it almost impossible for users to detect the switch.
  • Living-off-the-BITS:Several campaigns abused the Windows Background Intelligent Transfer Service (BITS) – a legitimate mechanism used by programmers and system administrators to download or upload files to web servers and file shares. This Lot technique helped attackers remain undetected by using BITS to download the malicious files.
  • Fake invoices leading to HTML smuggling attacks: HP identified threat actors hiding malware inside HTML files posing as delivery invoices which, once opened in a web browser, unleash a chain of events deploying open-source malware, AsyncRAT. Interestingly, the attackers paid little attention to the design of the lure, suggesting the attack was created with only a small investment of time and resources.

 

Patrick Schläpfer, Principal Threat Researcher in the HP Wolf Security threat research team, comments:

 

“Targeting companies with invoice lures is one of the oldest tricks in the book, but it can still be very effective and hence lucrative. Employees working in finance departments are used to receiving invoices via email, so they are more likely to open them. If successful, attackers can quickly monetize their access by selling it to cybercriminal brokers, or by deploying ransomware.”

 

By isolating threats that have evaded detection-based tools – but still allowing malware to detonate safely – HP Wolf Security has specific insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 40 billion email attachments, web pages, and downloaded files with no reported breaches.

 

The report details how cybercriminals continue to diversify attack methods to bypass security policies and detection tools. Other findings include:

  • At least 12% of email threats identified by HP Sure Click Enterprise*bypassed one or more email gateway scanners.
  • The top threat vectors in Q1 were email attachments (53%), downloads from browsers (25%) and other infection vectors, such as removable storage – like USB thumb drives – and file shares (22%).
  • This quarter, at least 65% of document threats relied on an exploit to execute code, rather than macros.

 

Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc., comments:

 

“Living-off-the-Land techniques expose the fundamental flaws of relying on detection alone. Because attackers are using legitimatetools, it’s difficult to spot threats without throwing up a lot of disruptive false positives. Threat containment provides protection even when detection fails, preventing malware from exfiltrating or destroyinguser dataor credentials, and preventing attacker persistence. This is whyorganizations shouldtake a defence-in-depth approach to security, isolating and containing high-risk activities to reduce their attack surface.”

 

HP Wolf Security** runs risky tasks in isolated, hardware-enforced disposable virtual machines running on the endpoint to protect users, without impacting their productivity. It also captures detailed traces of attempted infections. HP’s application isolation technology mitigates threats that slip past other security tools and provides unique insights into intrusion techniques and threat actor behavior.

Categorised as : ICT
No Comments »

Related posts

Nigeria AI Film Festival Returns for 2026: Is This Becoming The Defining Platform for AI-Driven Storytelling in Africa?
TechRise: Otti’s Bold Investment In The Future Of Abia Youths
TechRise: Otti’s Bold Investment In The Future Of Abia Youths
Aurora Ventures To Close Funding Gap For Women Founders in Emerging Markets
From Virality To Viability: Making Africa’s Creator Economy Bankable
World Password Day 2026: Why “Strong Passwords” Can’t Save You From AI
World Password Day 2026: Why “Strong Passwords” Can’t Save You From AI

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest News

Sanwo-Olu Presents Hamzat, Sonayon-James To President Tinubu Ahead Of Gubernatorial Election
Lagos State Governor, Mr. Babajide Sanwo-Olu, has presented Deputy Governor, Dr. Obafemi Hamzat and... Continue
Gov Soludo Inaugurates 8th Governing Council Of Chukwuemeka Odumegwu Ojukwu University
CHRISTIAN ABURIME Governor Chukwuma Charles Soludo, CFR, has officially inaugurated the eighth Governing Council... Continue
16 United Nigeria Airlines, ValueJet engineers to commence Boeing 737NG training June 16
Boeing has commenced its first tranche of advanced technical training program in Lagos for... Continue
Coca-Cola Marks 75 Years of Refreshing Nigeria With Extra Value Packs, Nationwide Celebration, and Cultural Moments
Since its introduction into the Nigerian market in the 1951, Coca-Cola has established itself... Continue
Warri Crisis: Father Abraham Movement Sues For Peace, Lauds Governor Oborevwori’s Intervention 
The National Chairman of the Father Abraham Movement, Chief Dr. Ovoke Idogun, has called... Continue
Accord Leaders in Osun Defy Adeleke, Reaffirm Gbenga Hashim As Presidential Candidate
Leaders, stakeholders, and longstanding members of the Accord Party in Osun State, including executives... Continue
Governor Lawal Names Executive Secretaries For Two Agencies, Appoints ZACADEP Co-ordinator
Zamfara State Governor, Dr Dauda Lawal has approved the appointment of three qualified citizens... Continue
Road to Glasgow: Nigeria Begins Commonwealth Games Weightlifting Preparations
  AFOLABI SAHEED OLAWALE The Nigeria Weightlifting Federation (NWF) has intensified preparations for the... Continue
Contextualising Bishop Abioye’s Yearning For Nigeria’s Prophet Elijah
UGOCHUKWU UGWUANYI   As if kowtowing to netizens’ pressure to exert their moral authority... Continue
Prof. Elizabeth Abidemi Balogun Passes On At 71
  The Federal University of Agriculture, Abeokuta (FUNAAB) community is mourning the loss of... Continue

UBA

Access Bank

Twitter

Sponsored