Gadget

Cybercriminals ‘living off the land’

Cyber attackers are relying on “overdue invoice” lures and “Living-off-the-Land” (LotL) techniques to sneak past defences, says HP in its quarterly HP Wolf Security Threat Insights report.

The report provides an update on real-world cyberattacks, helping organisations keep up with the latest techniques used by cybercriminals.

“Living-off-the-Land techniques expose the fundamental flaws of relying on detection alone,” says Patrick Schläpfer, principal threat researcher in the HP Wolf Security threat research team. “Because attackers are using legitimate tools, it’s difficult to spot threats without throwing up a lot of disruptive false positives. 

“Threat containment provides protection even when detection fails, preventing malware from exfiltrating or destroying user data or credentials, and preventing attacker persistence. This is why organisations should take a defence-in-depth approach to security, isolating and containing high-risk activities to reduce their attack surface.”

Based on data from millions of endpoints running HP Wolf Security, notable campaigns identified by HP threat researchers include:

“Targeting companies with invoice lures is one of the oldest tricks in the book, but it can still be very effective and hence lucrative. Employees working in finance departments are used to receiving invoices via email, so they are more likely to open them. If successful, attackers can quickly monetise their access by selling it to cybercriminal brokers, or by deploying ransomware.”

By isolating threats that have evaded detection-based tools – but still allowing malware to detonate safely – HP Wolf Security has specific insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 40-billion email attachments, web pages, and downloaded files with no reported breaches.

The report details how cybercriminals continue to diversify attack methods to bypass security policies and detection tools. Other findings include:

This data was gathered from consenting HP Wolf Security customers from January to March 2024.
