Attackers are employing AI-generated scripts, leveraging malvertising to distribute rogue PDF tools, and embedding malware in image files. These developments mark a significant shift in the threat landscape, accelerating the frequency and complexity of cyberattacks.
This was revealed by HP’s latest Threat Insights Report, based on data from April to June 2024, which offers valuable information to help businesses stay ahead of cybercriminals’ evolving methods.
Key Findings:
- AI-Generated Malware: HP researchers uncovered evidence of malware, written in part with the assistance of generative AI, targeting French-speaking users. The malware’s structure, annotated code, and use of native language function names indicate AI involvement in its creation.
- Malvertising Campaigns: Threat actors are increasingly using polished ChromeLoader campaigns that rely on malvertising to spread rogue PDF tools. These websites lure victims into downloading seemingly legitimate software that embeds malicious code capable of taking control of browsing sessions.
- Malware Hidden in Images: Some attackers have shifted from using HTML files to SVG vector images, embedding malware within the image files. When victims open these images in their browsers, the embedded JavaScript activates, delivering infostealer malware.
AI Lowers the Barrier for Cybercriminals
HP’s threat research identified that AI-assisted malware development is no longer speculative. A recent campaign targeting French speakers used VBScript and JavaScript scripts, which analysts believe were generated using AI. The scripts’ structure, comments, and code style point to AI involvement. The malware delivered AsyncRAT, an infostealer that records screens and keystrokes.
Patrick Schläpfer, Principal Threat Researcher at HP Security Lab, said: “Speculation about AI being used by attackers is rife, but evidence has been scarce, so this finding is significant. Typically, attackers like to obscure their intentions to avoid revealing their methods, so this behavior indicates an AI assistant was used to help write their code. Such capabilities further lower the barrier to entry for threat actors, allowing novices without coding skills to write scripts, develop infection chains, and launch more damaging attacks.” Sophisticated Malvertising Campaigns
HP’s report also highlights a growing trend in ChromeLoader campaigns. These campaigns use malvertising—placing ads on popular search terms—to direct users to professional-looking websites offering fake tools like PDF converters. When users install these tools, attackers deploy browser extensions that take over browsing sessions, redirecting search results to malicious sites.
These tools are difficult to detect because they come with valid code-signing certificates, bypassing security policies and warnings.
Malware Smuggled via SVG Images
Another emerging trend is the use of SVG vector images to hide malware. SVGs are commonly used in web design and can execute JavaScript when opened in a browser. This makes them an attractive vehicle for malware, allowing attackers to smuggle in infostealers disguised as harmless image files.
Cyber Threat Landscape Continues to Evolve
The HP Threat Insights Report, based on data from millions of endpoints running HP Wolf Security, underscores the ever-evolving tactics of cybercriminals. Some of the key insights include:
- Email Gateway Evasion: At least 12% of email threats managed to bypass one or more email gateway scanners, consistent with the previous quarter.
- Popular Attack Vectors: The top threat vectors were email attachments (61%), browser downloads (18%), and removable storage devices like USB drives (21%).
- Archive Files: Archives were the most common malware delivery method, with 39% of them being ZIP files.
The Call for Stronger Cybersecurity Measures
As threat actors increasingly adopt AI and other innovative tactics to bypass security systems, businesses need to fortify their defenses. Dr Ian Pratt, Global Head of Security for Personal Systems at HP, emphasized the importance of a multi-layered approach to cybersecurity.
“Threat actors are constantly updating their methods, whether it’s using AI to enhance attacks, or creating functioning-but-malicious tools to bypass detection. So, businesses must build resilience, closing off as many common attack routes possible.”
Pratt ended: “Adopting a defense-in-depth strategy — including isolating high-risk activities like opening email attachments or web downloads — helps to minimize the attack surface and neutralize the risk of infection.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.