The “HP Wolf Security” threat research team is sounding the alarm over the speed with which cybercriminals mobilize to exploit new “zero day” vulnerabilities, before businesses can update their systems, on the occasion of the publication of the global “HP Wolf Security Threat Insights” report.
As stated in a relevant announcement:
“Attacks exploiting the zero-day ‘CVE-2021-40444’ (a remote code execution vulnerability that allows the malicious use of the ‘MSHTML’ browser engine through Microsoft Office documents) were first recorded by HP on September 8, one week before the September 14 release of the patch.
By September 10, three days after the technical details of the threat were released, HP’s threat research team identified ‘scripts’ posted on ‘GitHub’ designed to exploit the vulnerability automatically! If the system has not been updated, the vulnerability allows intruders to breach it with minimal user action! For delivery, the malware uses a compressed file and is installed via an ‘Office’ document. Users do not need to open the file or enable macros; simply having it appear in the ‘File Explorer’ preview window is enough to launch the attack, which often goes unnoticed by the user! Once the device is compromised, intruders can open backdoors into the corporate network and then sell access data to ransomware groups.”
Other notable threats isolated by the “HP Wolf Security” threat intelligence team include:
- An increase in cybercriminals using well-known “Cloud” providers and websites to host malware.
- A targeted campaign was found impersonating the Ugandan National Social Security Fund.
- A switch to “HTA” files allows malware to spread with a single “click”.
“The average time for a business to fully implement, test and develop patches with the right controls is 97 days, giving cybercriminals the opportunity to take advantage of this ‘vulnerability window’.”
explains Alex Holland, Senior Malware Analyst in the threat research team at “HP Wolf Security”, HP Inc.
As he notes:
“While initially only highly skilled hackers could take advantage of it, automated ‘scripts’ have lowered the bar, making this type of attack accessible to threat actors with less knowledge and fewer resources! This significantly increases the risk for businesses, as ‘zero day’ vulnerabilities are commercialized and made available on the mass market in places like underground forums!”
“These innovative attack tools tend to be effective at evading detection tools, as tracking signatures can be incomplete and quickly become obsolete due to changes in their range of functionality. We expect threat actors to adopt ‘CVE-2021-40444’ as part of their arsenal, and possibly even to replace the common tools used to gain initial access to systems today, such as those targeting the ‘Equation Editor’,”
points out Alex Holland.
The findings are based on data from millions of endpoints running “HP Wolf Security”. “HP Wolf Security” monitors malware by running risky tasks inside individual micro virtual machines (micro VMs), so that the entire infection chain can be understood and recorded, which helps isolate threats that escape other security tools. This has allowed customers to click on over 10 billion email attachments, websites and downloads without any reported breaches. By better understanding how malware behaves in practice, “HP Wolf Security” researchers and engineers can strengthen endpoint protection and overall system resilience.
The main findings of the report include:
- 12% of the “email” malware isolated had bypassed at least one gateway scanner.
- 89% of the detected malware was delivered via “email”, while web downloads were responsible for 11%, and other media, such as removable storage devices, for less than 1%.
- The most common attachments used to deliver malware were compressed files (38%, up from 17.26% in the previous quarter), Word documents (23%), Excel spreadsheets (17%) and executable files (16%).
- The five most common “phishing” lures were related to business transactions, such as “orders”, “payments”, “news”, “offers” and “requests”.
- The report found that 12% of the malware recorded was previously unknown.
“We can no longer rely on detection alone. The threat landscape is very dynamic and, as we can see from the analysis of the threats recorded in our VMs, the intruders are becoming more and more capable of evading detection!”
comments Dr. Ian Pratt, Global Head of Security for Personal Systems, HP Inc.
“Organizations must take a multi-layered approach to endpoint security, following zero-trust principles to contain and isolate the most common attack vectors, such as ‘email’, ‘browsers’ and ‘downloads’. This will eliminate the attack surface for entire categories of threats, while giving organizations the room they need to coordinate their software update cycles securely without interrupting their services.”