IT Brief Australia logo
Technology news for Australia's largest enterprises
Story image

Rise in hacking tool downloads as cybercrime becomes 'more organised than ever'

By Shannon Williams
Wed 28 Jul 2021

There has been a significant increase in the frequency and sophistication of cybercrime activity, including a 65% rise in the use of hacking tools downloaded from underground forums and filesharing websites from H2 2020 to H1 2021, according to the latest global Threat Insights Report from HP.

The researchers noted hacking tools in wide circulation were surprisingly capable. For example, one tool can solve CAPTCHA challenges using computer vision techniques, namely optical character recognition (OCR), in order to perform credential stuffing attacks against websites. 

More broadly, the report found that cybercrime is more organised than ever, with underground forums providing a perfect platform for threat actors to collaborate and share attack tactics, techniques and procedures.

"The proliferation of pirated hacking tools and underground forums are allowing previously low-level actors to pose serious risks to enterprise security," says Dr. Ian Pratt, global head of security, Personal Systems, HP Inc. 

"Simultaneously, users continue to fall prey to simple phishing attacks time and time again. Security solutions that arm IT departments to stay ahead of future threats are key to maximising business protection and resilience," he says.

Notable threats isolated by HP Wolf Security included:

  • Cybercriminal collaboration is opening the door to bigger attacks against victims: Dridex affiliates are selling access to breached organisations to other threat actors, so they can distribute ransomware. The drop in Emotet activity in Q1 2021 has led to Dridex becoming the top malware family isolated by HP Wolf Security.
  • Information stealers delivering nastier malware: CryptBot malware historically used as an infostealer to siphon off credentials from cryptocurrency wallets and web browsers is also being used to deliver DanaBot a banking trojan operated by organised crime groups.
  • VBS downloader campaign targeting business executives: A multi-stage Visual Basic Script (VBS) campaign is sharing malicious ZIP attachments named after the executive its targeting. It deploys a stealthy VBS downloader before using legitimate SysAdmin tools to live off the land, persisting on devices and delivering malware.
  • From application to infiltration: A rsum-themed malicious spam campaign targeted shipping, maritime, logistics and related companies in seven countries (Chile, Japan, UK, Pakistan, US, Italy and the Philippines), exploiting a Microsoft Office vulnerability to deploy the commercially-available Remcos RAT and gain backdoor access to infected computers.

The findings are based on data from HP Wolf Security, which tracks malware within isolated, micro-virtual machines to understand and capture a full infection chain and help to mitigate threats. By better understanding the behaviour of malware in the wild, HP Wolf Security researchers and engineers are able to bolster endpoint security protections and overall system resilience.

"The cybercrime ecosystem continues to develop and transform, with more opportunities for petty cybercriminals to connect with bigger players within organised crime, and download advanced tools that can bypass defenses and breach systems," says Alex Holland, senior malware analyst, HP.

"We are seeing hackers adapt their techniques to drive greater monetisation, selling access on to organised criminal groups so they can launch more sophisticated attacks against organisations," he says. 

"Malware strains like CryptBot previously would have been a danger to users who use their PCs to store cryptocurrency wallets, but now they also pose a threat to businesses. 

"We see infostealers distributing malware operated by organized criminal groups who tend to favour ransomware to monetise their access."

Other key findings in the report include:

  • 75% of malware detected was delivered via email, while web downloads were responsible for the remaining 25%. Threats downloaded using web browsers rose by 24%, partially driven by users downloading hacking tools and cryptocurrency mining software.
  • The most common email phishing lures were invoices and business transactions (49%), while 15% were replies to intercepted email threads. Phishing lures mentioning COVID-19 made up less than 1%, dropping by 77% from H2 2020 to H1 2021.
  • The most common type of malicious attachments were archive files (29%), spreadsheets (23%), documents (19%), and executable files (19%). Unusual archive file types such as JAR (Java Archive files) are being used to avoid detection and scanning tools, and install malware thats easily obtained in underground marketplaces.
  • The report found 34% of malware captured was previously unknown1, a 4% drop from H2 2020.
  • A 24% increase in malware that exploits CVE-2017-11882, a memory corruption vulnerability commonly used to exploit Microsoft Office or Microsoft WordPad and carry out fileless attacks.

"Cybercriminals are bypassing detection tools with ease by simply tweaking their techniques," Holland says. 

"We saw a surge in malware distributed via uncommon file types like JAR files likely used to reduce the chances of being detected by anti-malware scanners," he says. 

"The same old phishing tricks are reeling in victims, with transaction-themed lures convincing users to click on malicious attachments, links and web pages."

Pratt concludes, "As cybercrime becomes more organised, and smaller players can easily obtain effective tools and monetise attacks by selling on access, theres no such thing as a minor breach.

"The endpoint continues to be a huge focus for cybercriminals. Their techniques are getting more sophisticated, so it's more important than ever to have comprehensive and resilient endpoint infrastructure and cyber defense," he says.

"This means utilszing features like threat containment to defend against modern attackers, minimising the attack surface by eliminating threats from the most common attack vectors email, browsers, and downloads."
 

Related stories
Top stories
Story image
Recruitment
Thales on recruitment hunt for next disruptive innovations
"Recruiting new talent is part of Thales's belief in the power of innovation and technological progress to build a safer, greener and more inclusive world."
Story image
Cybersecurity
Palo Alto Networks' cloud security platform receives IRAP assessment
"We provide help protect all forms of compute, cloud native services and access to data within public and private sectors."
Story image
Apple
Jamf introduces new content filtering solution for education providers
Jamf has announced the launch of Jamf Safe Internet, a new offering that looks to deliver a safe online experience to students while offering better management options for admins.
Story image
Infrastructure
Video: 10 Minute IT Jams - An update from Paessler
Sebastian Krüger joins us today to discuss how unified infrastructure monitoring enables MSPs to seamlessly deliver services to their clients.
Story image
Research
New study reveals 51% of employees using unauthorised apps
The research shows that 92% of employees and managers in large enterprises want full control over applications, but they don't have it.
Story image
Robotics
Evonik relies on Getac F110 tablet to control autonomous robot
The aim of the project is to evaluate the practicality of an automated robotic maintenance and inspection solution in the chemical industry.
Story image
Management
MYOB snaps up Sydney-based management software specialists
MYOB has announced the acquisition of Sydney-based business management software and support specialists, GT Business Solutions.
Story image
Aspire
NEC expands Open RAN ecosystem with Aspire Tech acquisition
With its agreement to acquire Aspire Technology, NEC Corporation has further increased its capacity to deliver End-to-End Open RAN ecosystems.
Story image
Solutions
Progress launches latest version of network visibility solution
In Flowmon 12 network solution, Progress has expanded its support for public cloud provider flow log monitoring and launched new features.
Story image
Manufacturing
Sutton Tools deploys Infor M3 CloudSuite for manufacturing
Sutton Tools has also implemented the Infor OS cloud operating platform, including Infor Intelligent Open Network and Mongoose.
Story image
Artificial Intelligence
Eight top DevSecOps trends to support IT innovation in 2022
The use of DevSecOps practices is growing, as it is increasingly seen as the best way to produce high-quality and secure code. So what are the current trends?
Story image
Accounting
Four factors to consider when choosing the right job accounting solution
Progressive job-based businesses can achieve success by strengthening their ability to quantify every cost attributable to the delivery of an outcome for a customer.
Story image
Documentation
Adobe study finds lack of digital trust and utilisation in Australian Government agencies
New research commissioned by Adobe has revealed a significant lack of digital trust within Australian Government departments, along with the continued underutilisation of key digital processes.
Story image
Infrastructure
New VMware offerings improve cloud infrastructure management
VMware has unveiled VMware vSphere+ and VMware vSAN+ to help organisations bring benefits of the cloud to existing on-prem infrastructure.
Story image
Airwallex
How Airwallex helps businesses achieve globalisation success
As markets continue to shift, businesses need to be able to provide the same quality of service for customers regardless of where they are located around the world.
Story image
State Library of Victoria
State Library of Victoria entrusts Oracle support and security to Rimini Street
“Our finance team are very happy with the support and security that Rimini Street provides, which keeps our assets and our customers secure."
Story image
Cloud
BT builds on Equinix partnership with new cloud offering
BT has launched a next-generation cloud connectivity offering extending its global network into strategic carrier-neutral facilities (CNFs) and building on its existing partnership with Equinix.
Digital Transformation
Discover the 5 signs your business is ready for a cloud-based ERP. Is your business being left behind as more of your competitors switch to the cloud?
Link image
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.
Story image
Telstra
Ericsson and Ciena, Telstra enhance service capacity for Telstra's optical network
Ericsson, Telstra, and Ciena have announced new enhancements to Telstra's Next Generation Optical Network, which will increase the service capacity of Telstra's optical network to 400 GE (Gigabit per Second Ethernet).
Story image
API
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
Story image
Identity and Access Management
Ping Identity named a Leader in Access Management
Ping Identity has been named a leader in the 2022 KuppingerCole Leadership Compass report for Access Management. 
Story image
Payroll
How New South Wales state departments achieved cloud migration success
State departments in New South Wales are heading to the cloud to achieve better workflow solutions, and one company is paving the way for their success.
Story image
Digital
Ivanti puts spotlight on power of employee digital experiences
The report revealed that 49% of employees are frustrated by the tech and tools their organisation provides and 64% believe this impacts morale.
Project management
Discover the 4 crucial factors for choosing the right job-costing solution. Is your team struggling to cost jobs and keep projects running on budget?
Link image
Story image
Samsung
Monitors are an excellent incentive for getting employees back
The pandemic has taught us that hybrid working is a lot easier than we would’ve thought, so how can the office be made to feel as comfortable as home? The answer could be staring you in the face right now.
Story image
Cybersecurity
Delinea’s Joseph Carson recognised with OnCon Icon Award
Delinea chief security scientist and advisory CISO Joseph Carson has been recognised as a Top 50 Information Security Professional in the 2022 OnCon Icon Awards.
Supply chain
Discover the 4 critical priorities for wholesale distribution businesses in FY23. Are you worried about how supply chain issues may affect your business in 2023?
Link image
Story image
Wiise
Four things wholesale distributors need to consider for FY2023
In a post-pandemic world, there are many things for a distribution business to juggle. ERP solutions company Wiise narrows down what companies should focus on.
Story image
Cybersecurity
Tech and data’s role in the changing face of compliance
Accenture's study found that 93% of respondents agree or strongly agree new technologies such as AI and cloud make compliance easier.
Story image
Supply chain
Supply chains continue to be disrupted, enterprises embrace circular economy
“Businesses urgently need to find a solution that can help them to manage this disruption, and transition to a circular economy."
Story image
Data Protection
Five signs your business is ready to move to the cloud
Many organisations are thinking about moving to the cloud. But what are the signs you are ready, and what are the reasons to move?
Story image
Artificial Intelligence
Siemens expands NVIDIA partnership for industrial metaverse
Siemens is expanding its partnership with NVIDIA to enable the industrial metaverse and increase the use of AI-driven digital twin technology.
Story image
Artificial Intelligence
Dynatrace extends automatic release validation capabilities
Dynatrace has extended its platform release validation capabilities to improve user experience at every stage of the software development lifecycle.
Story image
Metaverse
How the metaverse will change the future of the supply chain
The metaverse is set to significantly change the way we live and work, so what problems can it solve in supply chain management?
Story image
Development
Intel Labs unveils integrated photonics research advancement
"This new research demonstrates that its possible to achieve well-matched output power with uniform and densely spaced wavelengths."
Story image
Enterprise Resource Planning / ERP
Five ways your ERP is letting you down and why its time for a change
Wiise explains while moving to a new system may seem daunting, the truth is that legacy systems could be holding your business back.
Story image
Amazon
What brands can expect from Amazon Prime Day in Australia
Amazon Prime Day is the annual two-day shopping event, kicking off this year from July 12-13 and is the global online shopping platform's biggest sales event. 
Story image
Low-code
Appian unveils low-code certification program in Australia
Appian has announced a program to provide the next generation of low-code developers with access to education on the subject and certification to foster career opportunities.
Story image
Cybersecurity
Without trust, your security team is dead in the water
The rise of cyberattacks has increased the need for sound security that works across any type of business, but with any change, buy-in is essential. Airwallex explains why.
PwC
PwC's Consulting Business and PwC's Indigenous Consulting are proud to play an important role in helping Australian Indigenous Mentoring Experience build IMAGI-NATION, a free online university for marginalised communities around the world.
Link image
Story image
Dicker Data
EXCLUSIVE: Why women in IT makes good business sense - Dicker Data
The Federal government wants to bolster female participation in the tech industry to at least 40% by 2030. Here's how one homegrown Australian company has already reached that goal.
Productivity
Discover the 5 ways your ERP may be letting you down. Is your current system outdated, difficult to manage, and costing you a fortune?
Link image
PwC
WSLHD and PwC’s Consulting Business came together to solve through the challenges of COVID-19. A model of care was developed to the NSW Health Agency for Clinical Innovation guidelines with new technology platforms and an entirely new workforce.
Link image