In the News: Cat-Phishing, Living-Off-The-Land, Fake Invoices Top Q1 Cyberthreats
Published originally on May 16, 2024 by John P. Mello Jr. on TechNewsWorld.


Cat-phishing, using a popular Microsoft file transfer tool to become a network parasite, and bogus invoicing are among the notable techniques cybercriminals deployed during the first three months of this year, according to the quarterly HP Wolf Security Threat Insights Report released Thursday.

Based on an analysis of data from millions of endpoints running the company’s software, the report found digital desperadoes exploiting a type of website vulnerability to cat-phish users and steer them to malevolent online locations. Users are first sent to a legitimate website, then redirected to the malicious site, a tactic that makes it difficult for the target to detect the switch.


Exploiting BITS

Another notable attack identified in the report is using the Windows Background Intelligent Transfer Service (BITS) to perform “living off the land” forays on an organization’s systems. Because BITS is a tool used by IT staff to download and upload files, attackers can use it to avoid detection.

Ashley Leonard, CEO of Syxsense, a global IT and security solutions company, explained that BITS is a component of Windows designed to transfer files in the background using idle network bandwidth. It's commonly used to download updates in the background, so a system stays up to date without disrupting work, and for cloud synchronization, enabling cloud storage applications like OneDrive to sync files between a local machine and the cloud storage service.

“Unfortunately, BITS can also be used in nefarious ways, as noted in the Wolf HP report,” Leonard told TechNewsWorld. “Malicious actors can use BITS for a number of activities — to exfiltrate data, for command-and-control communications or persistence activities, such as executing malicious code to entrench themselves more deeply into the enterprise.”


Find out Ashley’s tips for security teams to harden the BITS service and read the full article on TechNewsWorld.