Recently, HP's "Threat Insight Report" has revealed new trends in cyber attacks, prompting increased vigilance. According to the report, from April to June 2024, attackers are utilizing generative AI to craft malware, spread Trojan tools through malicious ads, and embed viruses in image files. These new tactics signify a continuous rise in the complexity and frequency of cybersecurity threats.
The report highlights that researchers have discovered a malware targeting French-speaking users, with code structure, comments, and function names indicating AI involvement. Attackers are leveraging generative AI to write VBScript and JavaScript scripts, lowering the barriers to attack. Notably, this malware can record screens and keystrokes, making it highly covert.
Additionally, the report mentions the increasingly rampant "ChromeLoader" malicious ad campaign. Attackers are placing ads on popular search terms, leading users to download seemingly legitimate tools like PDF converters. Once installed, these tools silently take control of the user's browsing session, redirecting search results to malicious sites. More concerning is that these tools often come with valid code signing certificates, making them difficult to detect with security policies and warnings.
Beyond these, attackers are also beginning to use SVG vector images to hide malware. SVG files are common in web design, and when opened in a browser, the embedded JavaScript executes automatically, silently transmitting information-stealing programs to the attackers.
As cyber threats continue to evolve, HP's report emphasizes the need for stronger cybersecurity measures in enterprises. Dr. Ian Pratt, HP's Global Personal Systems Security Director, points out that threat actors constantly update their attack methods, and businesses must establish multi-layered protection strategies. By isolating high-risk activities such as opening email attachments or downloading web content, the attack surface can be effectively reduced, lowering the risk of infection.
Key Points:
🔒 Generative AI is being used to create malware, increasing the stealth and complexity of cyber attacks.
📥 Attackers guide users to download counterfeit tools through malicious ads, thereby controlling browser sessions.
🖼️ SVG images are used as a new carrier for malware transmission, increasing cybersecurity risks.