Cybercriminals are using catfishing tactics to target victims and spread malware

  • Home
  • Cyber Security
  • Cybercriminals are using catfishing tactics to target victims and spread malware

Cybercriminals are using catfishing tactics to target victims and spread malware

A report from HP Wolf Security reveals that cybercriminals are employing overdue invoice scams, open redirects, and Living-off-the-Land (LotL) tactics to evade cybersecurity measures. The report examines actual attacks observed in Q1, highlighting significant campaigns such as cat-phishing, Windows Background Intelligent Transfer Service (BITS) exploitation, and HTML smuggling.

Attackers utilized open redirects in cat-phishing schemes, exploiting vulnerabilities within websites to avoid detection. Victims were directed from safe websites to malicious ones (often through flaws in ad embeddings).

Many attacks leveraged BITS, a legitimate data transfer mechanism, to stealthily download malicious files. The report also mentions the tactic of concealing malware within HTML files by masquerading them as delivery invoices.

Key takeaways from the report include:

  • Removable storage and file shares (22%), browser downloads (25%), and email attachments (53%) were the top threat vectors.
  • 65% of document-related threats utilized exploits to execute code instead of macros.
  • 12% of email threats bypassed at least one email gateway scanner.

Post Your Comment

Subscribe Our Newsletter

We hate spam, we obviously will not spam you!

Services
  • Security Analysis
  • Penetration Testing
  • Thread Detection
  • 360 Protection
Use Cases
  • Website Security
  • AppSec
  • Case Studies
  • Integrations
Opportunities
  • Partnerships
  • Software Suite
  • Careers
Resources
Support
  • Support
  • Contact Us
  • About Us
  • Partnerships
Get in Touch
Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC

Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC