Cyber criminals are using online advertising tools to analyze and optimize attacks on users, according to HP Wolf Security's Q4 2023 cyber threat report. These attacks use the same advertising tools to measure which lures draw the most "clicks" and so raise the success rate of attack attempts.
Additionally, the report found a 7% increase in malware distribution via PDF files, which includes WikiLoader, Ursnif, and DarkGate.
PDF files mimicking OneDrive error messages lure users into clicking on a link that is hosted on an online advertising platform and leads to the DarkGate malware. By routing the link through an advertising platform, cyber criminals can measure which scams get the most clicks from users. Furthermore, a CAPTCHA in front of the download keeps automated malware scanners from retrieving and analyzing the payload, so it is harder to detect and block. The malware gives cyber criminals backdoor access to networks, exposing victims to the risks of data theft and ransomware.
Discord and TextBin are also used to store malicious files. Cyber criminals abuse Internet sites meant for sharing legitimate files and text to deliver malware. Because organizations often trust these sites, attackers are able to evade malware scanners and remain undetected.
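As an added illustration of how a defender might triage the PDF lures and file-sharing hosts described in the two paragraphs above (this is example code, not part of the HP report or any HP tool), the following script extracts the link targets from a PDF and flags those pointing at a file-sharing host or at a downloadable payload. The PDF fragment and the hostname for TextBin are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a minimal PDF fragment with two link annotations, one
# benign and one pointing at a Discord CDN attachment (assumed URLs).
SAMPLE_PDF = b"""%PDF-1.7
1 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://www.example.com/help) >> >> endobj
2 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://cdn.discordapp.com/attachments/1/2/update.zip) >> >> endobj
"""

# File-sharing services the report names as malware hosts; textbin.net is an assumed hostname.
FILE_SHARING_HOSTS = {"cdn.discordapp.com", "discord.com", "textbin.net"}
# File types that should never be the target of a link inside a document.
PAYLOAD_EXTENSIONS = (".exe", ".msi", ".zip", ".js", ".vbs", ".lnk", ".iso")

# Matches a /URI literal string, allowing backslash-escaped characters inside it.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")


def extract_uris(pdf_bytes: bytes) -> list[str]:
    """Return every /URI literal string found in the raw PDF bytes (no stream decompression)."""
    return [m.group(1).decode("latin-1") for m in URI_RE.finditer(pdf_bytes)]


def triage(pdf_bytes: bytes) -> list[tuple[str, str]]:
    """Flag links whose host is a known file-sharing service or whose target is a payload file."""
    findings = []
    for url in extract_uris(pdf_bytes):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host in FILE_SHARING_HOSTS:
            findings.append((url, f"link to file-sharing host {host}"))
        elif parsed.path.lower().endswith(PAYLOAD_EXTENSIONS):
            findings.append((url, "link targets a downloadable payload"))
    return findings


if __name__ == "__main__":
    for url, reason in triage(SAMPLE_PDF):
        print(f"FLAG {url}: {reason}")
```

Real-world PDFs usually compress their objects (FlateDecode), so a scanner built on this idea must inflate the streams before searching; the regex alone only covers uncompressed objects.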
Tech executives comment on the growing threat
Alex Holland, senior malware analyst at the HP Wolf Security research team said, "Cyber criminals are becoming adept at getting into our heads and understanding how we work. For instance, the design of popular cloud services is always being refined, so when a fake error message appears, it won’t necessarily raise an alarm, even if a user hasn’t seen it before. With [Generative AI] generating even more convincing malicious content at little-to-no cost, distinguishing real from fake will only get harder."
Dr. Ian Pratt, HP's global head of security for personal systems, said: "Cyber criminals are applying the same tools a business might use to manage a marketing campaign to optimize their malware campaigns, increasing the likelihood the user will take the bait. To protect against well-resourced threat actors, organizations must follow zero trust principles, isolating and containing risky activities like opening email attachments, clicking on links, and browser downloads."