
Notebooks in OneNote and PDFs: How hackers bypass traditional security

  • August 25, 2023


Email security doesn’t stop all threats. Malicious websites also remain a threat. Hackers are becoming more and more creative and are now using OneNote and PDFs as attack vectors.

The more security the better, especially when it comes to endpoints. An employee’s laptop is the focal point where data, cloud applications, local apps, data on the server, email and more converge. This makes the devices attractive prey for criminals.

With Wolf Security, HP integrates several additional security mechanisms that complement traditional solutions such as antivirus or email gateway security. Sure Click stands out. It’s a solution that uses virtualization with micro VMs to open risky files in a sort of isolated container. Malware that detonates in this container cannot harm the rest of the system. This provides an additional form of protection for those who accidentally open a malicious attachment, and it also yields a wealth of information about threats that can defeat traditional protection mechanisms.

Behind the gate

HP’s Wolf Security Threat Insights Q1 2023 report shows that such nimble malware is still plentiful. According to the manufacturer, 14 percent of email threats bypassed the email gateway security solution in use. That is one percentage point more than in the previous quarter. To then cause damage, attackers have to be creative.

With macros no longer a convenient way to inject malware into a system, criminals are taking a different approach. OneNote notebooks are popular. After all, OneNote lets you embed complex content, and thus malware. Hackers disguise a notebook as information originating from the company and trick users into double-clicking an item in the notebook, for example under the pretense that such a click is necessary to download data from the cloud.

Isolation

Clicking on something like this could activate a backdoor or open the floodgates for ransomware. Micro-virtualization ensures that contamination is confined to the isolated, single-use environment in which OneNote runs. HP expects OneNote notebooks to remain a popular vector. Ideally, administrators should treat such notebooks received via email as untrusted by default.

Hackers also use other techniques to smuggle dangerous content past traditional security safeguards. PDFs appear to be a popular container, accounting for four percent of attacks. Hiding malware in archive files is also still a popular technique. HP sees a 53 percent increase in the use of gzip (.gz) archives. These make up about five percent of the detected attacks. RAR accounts for seven percent and ZIP for fourteen percent.
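The default-untrusted handling suggested above, sketched as an added example (not code from HP or from the original article): it recognises the container types named here by their leading bytes instead of by file extension and marks them for isolation. The function names, the "isolate"/"deliver" labels and the sample message are assumptions constructed for illustration.

```python
import email
import email.policy
from email.message import EmailMessage

# Leading bytes of each container type named in the article (checked at offset 0 only).
SIGNATURES = [
    ("onenote", bytes.fromhex("e4525c7b8cd8a74daeb15378d02996d3")),  # .one header GUID
    ("pdf", b"%PDF-"),
    ("gzip", b"\x1f\x8b"),
    ("rar", b"Rar!\x1a\x07"),
    ("zip", b"PK\x03\x04"),
]


def sniff(data: bytes) -> str:
    """Classify a payload by content, so the verdict does not depend on its name."""
    for name, magic in SIGNATURES:
        if data.startswith(magic):
            return name
    return "other"


def triage(raw_message: bytes) -> list:
    """Return (filename, detected type, action) for every attachment in a message."""
    msg = email.message_from_bytes(raw_message, policy=email.policy.default)
    results = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        kind = sniff(payload)
        # Assumed policy: every listed container type is opened in isolation.
        action = "deliver" if kind == "other" else "isolate"
        results.append((part.get_filename() or "", kind, action))
    return results


def build_sample() -> bytes:
    """Constructed test message; the payloads are only file headers plus filler."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attachments.")
    samples = [("notes.one", SIGNATURES[0][1] + b"\x00" * 8),
               ("report.pdf", b"%PDF-1.7\n"),
               ("logs.gz", b"\x1f\x8b\x08\x00"),
               ("readme.txt", b"plain text")]
    for name, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for row in triage(build_sample()):
        print(row)
```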

More complex methods

In addition, attackers are becoming increasingly aggressive, for example by sending attack campaigns through a previously hacked company account. The phishing emails then come from a trusted domain, which removes many security restrictions.

HP notes that 80 percent of attacks arrive via email. At thirteen percent, the web browser is still a popular vector. There, criminals primarily try to trick users into clicking on the wrong link. This can be done, for example, by copying a website and advertising it on Google. The malicious page then appears at the top of the search results, where a victim can be caught.

More is better

The numbers show that no single security method is watertight on its own. Added security at the endpoint can keep things from getting worse when malware sneaks in. Criminals are getting more creative with their phishing emails, and even with extensive training, there’s a good chance an employee will get caught every once in a while. Isolation in a kind of sandbox environment provides a welcome additional safety net for such scenarios.

This article is part of a series on HP’s role in laptop security. The editorial was created in cooperation with HP.

Source: IT Daily
