
HP’s Endpoint security in your workplace: 2024 Update
Progress in cyber defense programs brings benefits to everyone in today’s connected world. Everything from identity theft, to extortion attempts, to the loss of important data like family photos can be consequences of a cybersecurity attack. Living in today’s technology-driven environment has made everyone rely on critical infrastructure like power plants, hospitals, and financial service companies. Securing these and other organizations is essential to keeping our society functioning.
In a tech update seminar organized by Advance Solutions Inc in September 2023, HP Philippines presented HP Wolf Security, which is defined as a new breed of endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services is designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services.
Each quarter HP’s security experts highlight notable malware campaigns, trends and techniques identified by HP Wolf Security. By isolating threats that have evaded detection tools and made it to endpoints, HP Wolf Security gives an insight into the latest techniques used by cybercriminals, equipping security teams with the knowledge to combat emerging threats and improve their security postures.
Key findings of the Q2 2024 edition (HP Wolf Security Threat Insights Report) include the following:
1) Threat actors have been using generative artificial intelligence (GenAI) to create convincing phishing lures for some time, but there has been limited evidence of attackers using this technology to write malicious code in the wild. In Q2, however, the HP Threat Research team identified a malware campaign spreading AsyncRAT using VBScript and JavaScript that was highly likely to have been written with the help of GenAI. The scripts’ structure, comments and choice of function names and variables were strong clues that the threat actor used GenAI to create the malware. The activity shows how GenAI is accelerating attacks and lowering the bar for cybercriminals to infect endpoints.
2) ChromeLoader is a popular family of web browser malware that enables attackers to take over the victim’s browsing session and redirect searches to attacker-controlled websites. In Q2, ChromeLoader campaigns were larger and more polished, relying on malvertising to direct victims to websites offering productivity tools like PDF converters. These working applications hid malicious code in MSI files, while valid code-signing certificates helped the malware to bypass Windows security policies, increasing the chance of infection.
3) Attackers are always looking for unusual ways to infect endpoints in the hope of avoiding detection. In Q2, the HP Threat Research team identified a campaign notable for spreading malware through Scalable Vector Graphics (SVG). Widely used in graphic design, the SVG format is based on XML and supports lots of features, including scripting. The attackers abused the format’s scripting feature by embedding malicious JavaScript inside images, ultimately leading to multiple information stealers trying to infect the victim’s endpoint.
