Cybercriminals are constantly evolving their tactics, and a new report from HP Inc. exposes the latest techniques threat actors use to slip past security defenses and breach PCs.

The Q1 2024 edition of the HP Wolf Security Threat Insights Report sheds light on notable malware campaigns and techniques including open redirects, overdue invoice lures, and Living-off-the-Land (LotL) utilized by cybercriminals to evade detection.

Here are the key findings:

Cat-Phishing: Attackers are leveraging open redirect vulnerabilities to carry out sophisticated WikiLoader campaigns. By exploiting these vulnerabilities in legitimate websites, attackers redirect users from trusted sites to malicious ones, which makes detection challenging.
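An open redirect exists when a site forwards users to whatever URL a request parameter names, so a link that starts on a trusted domain can end on an attacker's. The following Python is an added example written for this page, not code from HP or from the report, showing the vulnerable pattern beside a hardened validator. The allowlisted hosts and the function names are assumptions made for the example.

```python
from urllib.parse import urlparse

# Hosts this application is allowed to redirect to (constructed allowlist for the example).
ALLOWED_REDIRECT_HOSTS = {"www.example.com", "accounts.example.com"}


def vulnerable_redirect_target(next_url):
    """The open-redirect pattern: the user-supplied 'next' parameter is trusted verbatim."""
    return next_url


def is_safe_redirect(next_url, allowed_hosts=ALLOWED_REDIRECT_HOSTS):
    """True only for same-site relative paths or absolute URLs to allowlisted hosts."""
    if not next_url or any(ord(c) <= 0x20 for c in next_url):
        return False  # empty, or contains whitespace/control characters that parsers treat inconsistently
    # Browsers treat "\" like "/" in URLs, so "/\evil.example" behaves like "//evil.example".
    candidate = next_url.replace("\\", "/")
    parsed = urlparse(candidate)
    if parsed.scheme == "" and parsed.netloc == "":
        # Relative reference: allow exactly one leading slash. "//host" and "///host"
        # are scheme-relative and would send the user off-site.
        return candidate.startswith("/") and not candidate.startswith("//")
    if parsed.scheme not in ("http", "https"):
        return False  # javascript:, data: and other schemes are never a valid redirect
    # .hostname drops userinfo and port, so "https://www.example.com@evil.example/"
    # resolves to evil.example and is rejected by the allowlist.
    return parsed.hostname in allowed_hosts


def safe_redirect_target(next_url, fallback="/"):
    """Hardened form: fall back to a fixed local path whenever the target is not trusted."""
    return next_url if is_safe_redirect(next_url) else fallback


if __name__ == "__main__":
    for candidate in ("/account", "//evil.example/phish", "https://www.example.com@evil.example/"):
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)}")
```

The validator is deliberately conservative: anything that is not a single-slash relative path or an explicitly allowlisted https/http host falls back to the site root, which is the safe default when a redirect parameter cannot be verified.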

Living-off-the-Land (LotL): A technique where attackers weaponize built-in Windows tools like BITS (Background Intelligent Transfer Service) - a tool used by administrators to transfer files between web servers and file shares - to download malware undetected.
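Because BITS is a legitimate Windows service, blocking it outright is rarely an option; the practical defense is to baseline where BITS jobs download from and alert on deviations. The following Python is an added example for this page, not code from HP or the report: it runs a simple allowlist check over constructed log lines that imitate the job-start (event 59) and job-stop (event 60) messages from the Microsoft-Windows-Bits-Client/Operational channel. The pipe-separated field layout, the allowlisted hosts and the sample entries are all assumptions constructed for the example.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Hosts a BITS download is expected to come from (constructed allowlist for this
# example; replace with the update and software-distribution hosts you actually use).
ALLOWED_HOSTS = ("windowsupdate.com", "update.microsoft.com", "update.corp.example")

# Constructed sample lines in a simplified "<timestamp>|<event id>|<message>" layout.
# The messages imitate BITS client events 59 (job started) and 60 (job stopped),
# which record the job name and the source URL; the layout is this example's
# assumption, not the raw event XML.
SAMPLE_LOG = """\
2024-03-04T09:12:01Z|59|BITS started the Windows Update transfer job that is associated with the http://dl.delivery.mp.windowsupdate.com/filestreamingservice/files/abc URL.
2024-03-04T09:13:44Z|59|BITS started the pdfupdate transfer job that is associated with the http://203.0.113.7/invoice_march.pdf.exe URL.
2024-03-04T09:14:10Z|60|BITS stopped transferring the pdfupdate transfer job that is associated with the http://203.0.113.7/invoice_march.pdf.exe URL. The status code is 0x0.
2024-03-04T09:20:30Z|59|BITS started the CorpAgent transfer job that is associated with the https://update.corp.example/agent/1.2.zip URL.
2024-03-04T09:25:02Z|59|BITS started the Microsoft Edge Update transfer job that is associated with the https://cdn.notmicrosoft.example/edge.msi URL.
"""

URL_RE = re.compile(r"associated with the (\S+) URL")
JOB_RE = re.compile(r"BITS started the (.+?) transfer job")


def is_ip_literal(host):
    """True when the host part of the URL is a bare IP address rather than a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def host_is_allowed(host):
    """Exact match or subdomain of an allowlisted host (no substring matches)."""
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)


def analyze_bits_log(text):
    """Return one finding per BITS job start (event 59) whose source host is suspect."""
    findings = []
    for line in text.splitlines():
        try:
            ts, event_id, message = line.split("|", 2)
        except ValueError:
            continue  # not in the expected layout
        if event_id != "59":
            continue  # only job starts carry the decision we care about
        url_m = URL_RE.search(message)
        if not url_m:
            continue
        job_m = JOB_RE.search(message)
        job = job_m.group(1) if job_m else "<unknown>"
        host = urlparse(url_m.group(1)).hostname or ""
        if host_is_allowed(host):
            continue
        if is_ip_literal(host):
            reason = "download from a raw IP address"
        elif any(w in job.lower() for w in ("microsoft", "windows")):
            reason = "job name mimics a Microsoft updater but host is not allowlisted"
        else:
            reason = "host not in allowlist"
        findings.append({"timestamp": ts, "job": job, "host": host, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in analyze_bits_log(SAMPLE_LOG):
        print(f"{f['timestamp']} job={f['job']!r} host={f['host']} -> {f['reason']}")
```

Matching the allowlist on exact host or proper subdomain, rather than on a substring, is what keeps a lookalike such as cdn.notmicrosoft.example from passing; the job-name check adds a second signal when a download impersonates a real updater.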

Fake invoices: Cybercriminals are targeting enterprises, rather than individuals, with fake overdue invoices embedded in HTML files. These files, though poorly designed, lure unsuspecting victims into opening HTML attachments that unleash malware.

"Living-off-the-Land techniques expose the fundamental flaws of relying on detection alone. Because attackers are using legitimate tools, it’s difficult to spot threats without throwing up a lot of disruptive false positives," says Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc.

The report also highlights email attachments (53%) and browser downloads (25%) as the top threat vectors in Q1. Additionally, the reliance on exploits (65%) to execute malicious code has significantly increased compared to traditional macro-based attacks.

"Targeting companies with invoice lures is one of the oldest tricks in the book, but it can still be very effective and hence lucrative. Employees working in finance departments are used to receiving invoices via email, so they are more likely to open them. If successful, attackers can quickly monetize their access by selling it to cybercriminal brokers, or by deploying ransomware," says Patrick Schläpfer, Principal Threat Researcher in the HP Wolf Security threat research team.