Cat-phishing, exploitation of the Windows Background Intelligent Transfer Service (BITS), and fraudulent invoicing are among the key cyber threats identified in the first quarter of this year, according to the HP Wolf Security Threat Insights Report released Thursday.
The report highlights that cybercriminals have been using a type of website vulnerability known as open redirects to perform cat-phishing attacks. This technique involves initially directing users to a legitimate website, only to redirect them to a malicious site, making it difficult for users to recognize the switch.
“Open redirect vulnerabilities are relatively common and can be easily exploited,” said Erich Kron, a security awareness advocate at KnowBe4. “Attackers use these vulnerabilities to deceive users by crafting URLs that lead them to malicious sites, even if the initial link appears legitimate.”
Kron also noted the importance of checking the URL in the browser bar before entering sensitive information, despite common advice to hover over links.
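A link of the kind described above carries its real destination inside a query parameter of the legitimate site's URL. The following is an added example, not code from the HP report or from anyone quoted here: a check a mail or proxy filter could run to flag links whose query values hold a URL on a different host. The function names, the subdomain-based same-site rule and the sample links are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

def _host(value):
    """Hostname if value is an absolute or scheme-relative http(s) URL, else None."""
    value = value.strip()
    if value.startswith("//"):          # scheme-relative: browser reuses page scheme
        value = "https:" + value
    try:
        parts = urlsplit(value)
    except ValueError:                  # malformed input such as a broken IPv6 literal
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def _same_site(a, b):
    # Assumption: a host and its subdomains count as one site.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def find_redirect_targets(url, max_decode=2):
    """Return [(param, target_host)] for query values pointing at another host."""
    parts = urlsplit(url)
    link_host = (parts.hostname or "").lower()
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; keep decoding to catch double-encoded targets.
        for _ in range(max_decode + 1):
            target = _host(value)
            if target:
                if not _same_site(target, link_host):
                    findings.append((name, target))
                break
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
    return findings

# Constructed sample links (reserved example domains), not taken from the report.
SAMPLE_LINKS = [
    "https://shop.example.com/out?url=https%3A%2F%2Flogin.example.net%2Fsignin",
    "https://shop.example.com/out?next=https%253A%252F%252Fother.example.org%252F",
    "https://shop.example.com/out?r=//other.example.org/x",
    "https://shop.example.com/out?next=%2Faccount%2Forders",
    "https://example.com/go?to=https%3A%2F%2Fpay.example.com%2F",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", find_redirect_targets(link) or "no off-site target")
```

A hit only means the link hands the browser to another host after the first request; whether that host is malicious still has to be decided by reputation or sandboxing.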
Another significant finding is the misuse of BITS, a Windows service typically used for background file transfers. Attackers exploit BITS to evade detection while performing malicious activities such as data exfiltration and command-and-control operations.
“BITS is generally used for legitimate purposes, like updating software or syncing files with cloud services,” explained Ashley Leonard, CEO of Syxsense. “However, it can be misused by attackers to avoid detection. Organizations should monitor BITS traffic, restrict its use to authorized applications, and keep systems updated to protect against such threats.”
The report also notes an increase in malware hidden in HTML files disguised as invoices. These files, when opened in a browser, can deploy malware like AsyncRAT.
“Embedding malware in fake invoices remains an effective strategy because it leverages the routine handling of invoices by finance employees,” said Nick Hyatt, director of threat intelligence at Blackpoint Cyber.
Patrick Schläpfer, Principal Threat Researcher at HP Wolf, emphasized the importance of enhancing browser security to defend against these sophisticated attacks. Patrick Tiquet from Keeper Security also stressed the need for improved protection against evasive browser-based threats.
Finally, the report revealed that 12% of email threats bypassed gateway scanners. While these scanners are useful for detecting common threats, they often miss targeted attacks like spear-phishing and whaling due to their reliance on pattern recognition and keyword detection.
“Email scanners can miss sophisticated threats designed to evade traditional detection methods,” noted KnowBe4’s Kron. “Training employees to recognize and report phishing attempts is crucial to complement the use of email security tools.”
Krishna Vishnubhotla of Zimperium added that organizations need comprehensive protection across all devices, including mobile endpoints, to address evolving email-based threats.