HP Inc. has released a report shedding light on the evolving tactics employed by cybercriminals to elude detection tools. Drawing on data gathered by HP Wolf Security between April and June 2023, the study reveals that cybercriminals are now blending various established attack methods in novel ways to circumvent security policies and detection mechanisms.
One instance involved the use of multiple programming languages within a single attack to bypass defenses. This attack started with Go for encryption, then shifted to C++ to interact with the operating system and execute .NET malware in memory. Another technique identified in the report is a cyberattack that employed a DNS TXT record query to deliver the AgentTesla remote access Trojan (RAT).
Furthermore, the report highlights the growing trend of hiding malicious code within platforms like Blogspot, a service commonly used for hosting blogs. The findings underscore that email (79%) and browser downloads (12%) remain the prime threat vectors.
Although the attacks detailed in the report aren’t notably sophisticated, they reveal a trend in cybercriminals’ tactics – blending techniques in unique combinations to avoid detection. Patrick Schläpfer, a senior malware analyst at HP Wolf Security, noted that while the attacks themselves aren’t highly complex, they show how cybercriminals are adept at shifting their strategies.
Many of these attacks target end users, particularly those working from home due to the COVID-19 pandemic. Their systems, often less well protected than those behind corporate firewalls, can be compromised, offering malware a pathway to spread. The report emphasizes that most attacks leverage relatively simple exploits, and the incentive for cybercriminals to develop complex ones is low when existing methods can be easily adapted.
Cybersecurity professionals are urged to remain vigilant as adversaries’ tactics evolve. The challenge lies in identifying these shifts in time to mitigate potential damage, as time is rarely in favor of defenders.