HP today published its HP Threat Insights Report. This shows that the well-known CAPTCHA is now also being used by malicious parties to infect endpoints with malware.
The CAPTCHA has become an integral part of our digital lives. Not because we like it so much, but because we have to prove with some regularity that we are not bots, but humans. However, bots are getting better at bypassing the CAPTCHA, so they are also getting more complex. That means people are now used to seeing new, more complex types of CAPTCHA on a regular basis.
The evolution of the CAPTCHA has given attackers the idea to use it themselves. People seem to be so used to solving these little puzzles that they more or less blindly do what is asked. Researchers at HP have discovered multiple campaigns in which users were directed to environments controlled by attackers. There they were urged to demonstrate that they were humans and not bots. Little did they know that by doing so, they were launching a PowerShell command. With it, they installed the Lumma Stealer RAT (Remote Access Trojan) on their machine.
Limits of cybersecurity awareness training
The above findings by HP Wolf Security indicate that attackers are constantly looking for vulnerabilities. That’s no surprise, as that is what attackers do. Abusing something that is seen as an effective tool against bots to install malware, however, is then a particularly devious way to get into organizations’ endpoints. After all, the end users think they are doing something right by performing the tasks asked of them. Everyone is used to multi-factor authentication, so we incorporate it into our daily activities without paying much attention. Even if it is actually a cyber threat.
Cyber awareness training is undoubtedly important, but does not do a huge amount to be able to prevent these attacks via CAPTCHA. It is of course possible to make users more aware of the existence of an attack method such as this. However, it remains very difficult as an end user to tell whether or not a CAPTCHA is malicious or not. For that, you need effective security tools.
HP Wolf Security
Not surprisingly, HP believes that HP Wolf Security is one of those security tools. The company claims it allows organizations to minimize their attack surface on endpoints. It also divulges an interesting statistic to support this claim. Customers of HP Wolf Security have clicked on more than 65 billion attachments, web pages and downloaded files since the inception of that solution. There has not yet been a single report of a breach. Now, this doesn’t mean that it has never happened, but it is an interesting statistic nonetheless.
HP researchers also saw that more than ten percent of email threats were not picked up by email gateway scanners. So there is still much to be gained there as well. In any case, it shows once again that a layered security approach remains important.
Also read: HP Wolf Security applies deep security layer to business PCs