
Cybercriminals are using catfishing tactics to target victims and spread malware
A report from HP Wolf Security reveals that cybercriminals are employing overdue invoice scams, open redirects, and Living-off-the-Land (LotL) tactics to evade cybersecurity measures. The report examines actual attacks observed in Q1, highlighting significant campaigns such as cat-phishing, Windows Background Intelligent Transfer Service (BITS) exploitation, and HTML smuggling.
Attackers used open redirects in cat-phishing schemes, exploiting vulnerabilities within websites to avoid detection. Victims were redirected from safe websites to malicious ones, often through flaws in ad embeddings.
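One way a mail or web gateway could flag the open-redirect hand-off described above, as an added example that is not from the HP Wolf Security report: it lists query parameters that carry an absolute URL pointing at a different site than the one the link appears to belong to. The parameter names, the sample links and the two-label site comparison are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: sites are compared on their last two host labels; a production
# check would use the Public Suffix List instead.
def site(host):
    labels = (host or "").lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def embedded_target(value, max_decode=3):
    """Return the host of an absolute URL carried in a parameter value, else None."""
    for _ in range(max_decode + 1):
        v = value.strip()
        if v.startswith("//"):              # protocol-relative form
            v = "https:" + v
        try:
            parts = urlsplit(v)
        except ValueError:                  # malformed value, e.g. a stray "["
            return None
        if parts.scheme in ("http", "https") and parts.hostname:
            return parts.hostname
        decoded = unquote(value)            # peel one more layer of %-encoding
        if decoded == value:
            return None
        value = decoded
    return None

def find_cross_site_redirects(url):
    """List (parameter, target_host) pairs where a link hands off to another site."""
    outer = urlsplit(url)
    hits = []
    for name, value in parse_qsl(outer.query, keep_blank_values=True):
        target = embedded_target(value)
        if target and site(target) != site(outer.hostname):
            hits.append((name, target))
    return hits

# Constructed sample links; the .example hosts are placeholders, not report data.
SAMPLES = [
    "https://ads.trusted.example/click?id=7&dest=https%3A%2F%2Flogin.attacker.example%2Finvoice",
    "https://ads.trusted.example/click?dest=%252F%252Fattacker.example%252Fpay",
    "https://www.trusted.example/out?next=https%3A%2F%2Fshop.trusted.example%2Fcart",
    "https://www.trusted.example/search?q=overdue+invoice",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", find_cross_site_redirects(link) or "no cross-site hand-off")
```

A hit is a reason to score or rewrite the link, not proof of abuse, since many sites use cross-site redirect parameters legitimately.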
Many attacks abused BITS, a legitimate data transfer mechanism, to stealthily download malicious files. The report also describes malware concealed within HTML files that were disguised as delivery invoices.
Key takeaways from the report include:
- Removable storage and file shares (22%), browser downloads (25%), and email attachments (53%) were the top threat vectors.
- 65% of document-related threats utilized exploits to execute code instead of macros.
- 12% of email threats bypassed at least one email gateway scanner.