October 10, 2023

Endpoint security in your workplace

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users via ransomware; or interrupting normal business processes.

In today’s connected world, everyone benefits from advanced cyberdefense programs. At an individual level, a cybersecurity attack can result in everything from identity theft, to extortion attempts, to the loss of important data like family photos. Everyone relies on critical infrastructure like power plants, hospitals, and financial service companies. Securing these and other organizations is essential to keeping our society functioning.

In a tech update seminar organized by Advance Solutions Inc in September, HP Philippines presented HP Wolf Security, described as a new breed of endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services is designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services.

HP Wolf Security Threat Insights Report

Each quarter HP’s security experts highlight notable malware campaigns, trends and techniques identified by HP Wolf Security. By isolating threats that have evaded detection tools and made it to endpoints, HP Wolf Security gives an insight into the latest techniques cybercriminals use, equipping security teams with the knowledge to combat emerging threats and improve their security postures.

The HP Wolf Security Threat Insights Report highlights notable malware campaigns analyzed by their threat research team so that their customers are aware of emerging threats and can take action to protect their environments.

Enterprises are most vulnerable when users open email attachments, click on hyperlinks in emails, and download files from the web. HP Wolf Security protects the enterprise by isolating risky activity in micro-VMs, ensuring that malware cannot infect the host computer or spread onto the corporate network. HP Wolf Security uses introspection to collect rich forensic data to help their customers understand threats facing their networks and harden their infrastructure.


Key findings of the Q2 2023 edition (HP Wolf Security Threat Insights Report) include the following:

Email remained the top vector for delivering malware to endpoints. 79% of threats identified by HP Wolf Security were sent by email in Q2, down one percentage point from Q1. The number of email threats that had bypassed email security fell slightly in Q2. 12% of email threats detected by HP Wolf Security had bypassed one or more email gateway scanners, down two percentage points from the previous quarter. Malicious web browser downloads fell slightly by one percentage point to 12% in Q2. Threats delivered by other vectors, such as removable media, grew by two percentage points to 9% compared to Q1.

• QakBot spam activity surged in Q2, tallying 56 campaigns over the quarter. The malware’s distributors switched between many combinations of file types to infect PCs. The HP Threat Research team identified 18 unique infection chains used by QakBot distributors in Q2, highlighting how capable attackers are quickly permutating their tradecraft to exploit gaps in network defenses.

• HP Wolf Security stopped a flurry of finance-themed malicious spam campaigns in Q2 spreading remote access trojans (RATs) crypted using a Go crypter called “ShellGo”. The malware was packed twice to evade detection, before running shellcode in memory that disarms Windows security features and launches AsyncRAT. The threat actor used a clever technique to run the RAT in memory through a complex sequence of function calls to .NET libraries. The activity shows how easy it is for threat actors to combine tools to thwart detection and analysis, even those with few resources.

• Aggah continue to evolve their tactics, techniques and procedures (TTPs) to elude detection. Notably, in campaigns in Q2 we saw this threat actor store malicious PowerShell commands in DNS TXT records that were retrieved through nslookup commands.
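For defenders, the nslookup TXT retrieval described in the last finding can be hunted in process-creation telemetry. The following is an added example, not taken from the HP report or any HP product: it assumes events carrying the fields Sysmon Event ID 1 provides (Image, CommandLine, ParentImage, ParentCommandLine), and the host names, domain, sample events and severity heuristic are all constructed for illustration.

```python
import re

# nslookup takes the record type as -q=, -type= or -querytype= (case-insensitive).
TXT_QUERY = re.compile(r"-(?:q|type|querytype)=txt\b", re.I)
# Switches suggesting a shell was launched non-interactively (assumed heuristic).
NONINTERACTIVE = re.compile(
    r"\s[-/](?:c|command|enc\w*|w|windowstyle|nop|noprofile)\b", re.I)
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# Parents that rarely have a legitimate reason to spawn nslookup.
SCRIPT_PARENTS = {"wscript.exe", "cscript.exe", "mshta.exe",
                  "winword.exe", "excel.exe"}

def exe_name(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return None, "review" or "high" for one process-creation event."""
    if exe_name(event["image"]) != "nslookup.exe":
        return None
    if not TXT_QUERY.search(event["command_line"]):
        return None  # ordinary A/AAAA lookups are out of scope
    parent = exe_name(event["parent_image"])
    if parent in SCRIPT_PARENTS:
        return "high"
    if parent in SHELLS and NONINTERACTIVE.search(event["parent_command_line"]):
        return "high"
    # An admin checking SPF/DKIM records from an interactive shell lands here.
    return "review"

def detect(events):
    """List of (host, severity) for every event that matched."""
    return [(e["host"], classify(e)) for e in events if classify(e)]

def ev(host, image, cmd, parent, parent_cmd):
    return {"host": host, "image": image, "command_line": cmd,
            "parent_image": parent, "parent_command_line": parent_cmd}

NSL, SYS = r"C:\Windows\System32\nslookup.exe", "C:\\Windows\\System32\\"
# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    ev("WS-01", NSL, "nslookup -type=txt example.invalid", SYS + "cmd.exe", "cmd.exe"),
    ev("WS-02", NSL, "nslookup -q=TXT example.invalid", SYS + "powershell.exe",
       "powershell.exe -nop -w hidden -c <constructed placeholder>"),
    ev("WS-03", NSL, "nslookup example.invalid", SYS + "wscript.exe", "wscript.exe a.vbs"),
    ev("WS-04", NSL, "nslookup -querytype=txt example.invalid", SYS + "wscript.exe",
       "wscript.exe a.vbs"),
    ev("WS-05", SYS + "ping.exe", "ping example.invalid", SYS + "cmd.exe", "cmd.exe"),
]
```

Matches rated "review" are expected from routine administration, so tune the parent lists against your own baseline before alerting on them.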

Reference: HP Wolf Security Threat Insights Report Q2 2023 | HP Wolf Security 

For further information on ASI’s products and solutions, you may call or visit our social media accounts:
