HP Reveals How Cybercriminals Use Generative AI to Create Malware and Evade Detection

At its recent annual HP Imagine event, HP Inc. presented a new Threat Insights Report that documents attackers using generative artificial intelligence (GenAI) to write malware, a practice that lowers the effort needed to build increasingly sophisticated attack chains. The research, based on telemetry from millions of devices running HP Wolf Security, describes a series of emerging techniques that malicious actors use to get past the security controls on their victims' systems.

AI-Powered Cyberattacks: New Risks for Users

The HP research team identified a campaign targeting French-speaking users in which the malware appears to have been written with the help of generative AI. The infection chain is built from VBScript and JavaScript whose structure and line-by-line comments point to an AI assistant having produced the code. Function and variable names in French, the victims' language, further suggest that the attackers used GenAI to tailor the code to a specific audience. The final payload is AsyncRAT, an openly available remote access trojan that lets attackers record the victim's screen and keystrokes. The case shows how AI lets an attacker assemble a working malicious toolchain without advanced programming skills.

Malvertising Campaigns and Fake PDF Tools

The report also emphasizes the growth and professionalization of malvertising campaigns, which use fake online ads to lure users to websites offering seemingly functional tools such as PDF readers or converters. Users are tricked into installing applications delivered as MSI installers that carry malicious code. Once installed, the malware adds a browser extension that lets the attackers redirect searches and hijack the victim's browsing session. Because the installers are signed with valid code-signing certificates, they pass Windows security policies that would otherwise block or warn about unsigned software.

Using SVG Images to Camouflage Malware

In an unusual twist, some cybercriminals have begun using SVG vector images to conceal malware. SVG files, widely used in graphic design, are XML documents, and the format permits a <script> element and event-handler attributes that carry JavaScript. A browser runs that script when the SVG file is opened directly (or embedded via <object> or <iframe>), though not when the file is merely referenced from an <img> tag. HP found that victims who open these images believe they are viewing a harmless picture, when in fact the embedded script is dropping several kinds of information-stealing malware.
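The triage script below is an added example, not HP's code or anything from the campaign: it parses an SVG file as XML and flags the constructs that let it execute JavaScript when opened in a browser (a <script> element, on* event-handler attributes, javascript: URLs in href, and <foreignObject>, which can host HTML). The two sample files are constructed for this example and use harmless alert() payloads.

```python
"""Static triage of SVG files for embedded active content.

Added example (not HP's code). Sample inputs below are constructed with
harmless alert() payloads; they are not files from the reported campaign.
"""
import re
import xml.etree.ElementTree as ET

# Elements that carry script or can host HTML inside an SVG document.
ACTIVE_ELEMENTS = {"script", "foreignObject"}
# Attributes whose value is executed: on* event handlers (onload, onclick, onbegin, ...).
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.I)
# href values that run code instead of loading a resource.
JS_URI = re.compile(r"^\s*javascript:", re.I)

# Constructed sample 1: a plain square, no active content.
BENIGN_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    '<rect width="10" height="10"/></svg>'
)

# Constructed sample 2: three separate ways of smuggling JavaScript into an SVG.
SCRIPTED_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="10" height="10">
  <rect width="10" height="10" onclick="alert(1)"/>
  <a xlink:href="javascript:alert(2)"><text y="5">open</text></a>
  <script><![CDATA[ alert(3) ]]></script>
</svg>"""


def _local(qname):
    """Strip the {namespace} prefix ElementTree puts on tag and attribute names."""
    return qname.rsplit("}", 1)[-1]


def find_active_content(svg):
    """Return a list of (kind, detail) findings for one SVG document.

    Accepts str or bytes; bytes are passed through so an XML declaration with
    an encoding attribute does not make ElementTree reject the input.
    """
    if isinstance(svg, str):
        svg = svg.encode("utf-8")
    try:
        root = ET.fromstring(svg)
    except ET.ParseError:
        # Malformed XML is itself worth a look: browsers are lenient, parsers are not.
        return [("parse-error", "malformed XML")]

    findings = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(("element", tag))
        for attr, value in el.attrib.items():
            name = _local(attr)  # xlink:href and href both become "href"
            if EVENT_ATTR.match(name):
                findings.append(("event-handler", name))
            elif name == "href" and JS_URI.match(value):
                findings.append(("javascript-uri", name))
            elif name == "href" and tag == "script":
                # <script href="..."> pulls a second-stage script from elsewhere.
                findings.append(("external-script", value))
    return findings


def is_suspicious(svg):
    """True if the SVG contains anything that can run when opened in a browser."""
    return bool(find_active_content(svg))


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("scripted", SCRIPTED_SVG)):
        print(label, "->", find_active_content(sample) or "no active content")
```

Run it as a mail-gateway or endpoint pre-filter on .svg attachments: any finding is reason to quarantine, since an image meant for display never needs script. For files from untrusted sources, swap `xml.etree.ElementTree` for `defusedxml.ElementTree`, which refuses entity expansion that the standard parser would otherwise perform.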

Growing Threats and Business Resilience

Patrick Schläpfer, a lead researcher at HP Security Lab, highlighted the significance of this finding. “Speculation about the use of AI by attackers is common, but finding concrete evidence of this is noteworthy. This behavior indicates that attackers are using AI assistants to create malicious code, lowering the barrier to entry and enabling even programming novices to develop infection chains and sophisticated attacks.”

Dr. Ian Pratt, global head of personal systems security at HP, underscored the urgency of implementing more comprehensive security strategies. “Attackers are constantly updating their methods, whether it’s using AI to enhance attacks or creating functional but malicious tools to evade detection. Businesses must build their resilience by closing as many attack vectors as possible. Adopting a defense-in-depth strategy, which includes isolating high-risk activities like opening email attachments or web downloads, helps minimize the attack surface and mitigate infection risk.”

HP Wolf Security: An Advanced Protection Solution

HP Wolf Security runs high-risk tasks in isolated virtual machines, containing any infection without getting in the way of the user's work. Because each attempt runs to completion inside the container, the technology also captures detailed traces of it, giving HP unique insight into intrusion techniques and attacker behaviour. According to the report, HP Wolf Security customers have clicked on over 40 billion email attachments, web pages, and downloaded files with no reported breaches.

Key Threat Vectors and Trends

Among the report's key findings: email attachments were the delivery vector for 61% of threats, followed by browser downloads (18%) and other means such as USB drives and file shares (21%). Compressed archives, especially ZIP files, accounted for 26% of the malware delivered.

As these tactics evolve, HP urges organizations to stay vigilant and adopt robust defensive measures against cybercriminals who, with the help of AI, are reshaping the threat landscape.

via: HP
