HP Wolf Security Report Shows Threat Landscape Getting Scarier

When it comes to securing PCs and printers, HP is the most advanced of hardware vendors. This advantage is partly because HP is more focused on endpoint devices like printers and PCs, and partly because the company has decided to differentiate its security efforts.

While HP’s peers have far broader technology interests, HP’s focus is well-timed, given that the security report raises the alarm that dangers are increasing significantly. HP’s security efforts will likely expand over time; branding that part of the business as Wolf Security opens potential future opportunities outside HP hardware products.

Let’s talk about some of the more troubling findings in HP’s Q3 Threat Insights Report.

New and Old Threats

When I first started covering security after leaving IBM, most threats were known, so antivirus products based on scripts were very effective. That’s changed dramatically over time with the advent of polymorphic viruses that can evolve on their own once released and the emergence of large companies that produce malware as a saleable product. The growing malware industry, especially ransomware, has been particularly troubling over the last few years.

HP is reporting a significant uptick in new and unknown viruses, and now 12% of threats are new and unknown. This outcome explains why HP has made a hard shift to deep learning antivirus tools that can look at behavior rather than relying on scripts to better protect against these increasingly creative and damaging classes of unknown threats.

According to the report, dramatic growth in Trojan malware is particularly troubling, which suggests that companies are not doing enough employee security training; otherwise, that method of attack would be far less attractive and lucrative. And with people working from home, many defenses associated with Trojan-type attacks aren’t available to them. This growth would suggest that companies may need to implement a much more comprehensive security solution for those working at home than they currently have because what they are doing isn’t working.

Web Security Improves; Email Security Remains Weak

One of the most common attack methods is email lures; the biggest category is “other,” which means attackers have become far more creative with these lures. Employees have grown used to the more typical false quotation, false invoice, false payment, and false request for information lures but are falling victim to lures they haven’t seen or been warned of before.

And email is up to 89% of the threats delivered. On the positive side, this suggests that the browser improvements providers have made to address web security exposures, which are down to 11%, coupled with more significant hardening of websites, appear to be working to mitigate this attack vector. On the other hand, it suggests firms are not adequately securing their email platforms, exposing their companies.

Interestingly, attackers have learned that employees may be more vulnerable to attack early in the week, and the attack rate drops as we get to Friday. Attackers must take weekends off because attacks over the weekend combined (14%) are about the same as Friday (13%) alone, and Friday gets the least action of the workweek. Maybe the hackers go home early on Fridays.

In terms of file types, many people have become concerned about PDF files, but attacks using that delivery method are down to 4%, and executables, blocked by most modern email platforms, are down to 16%. Archives, documents, and spreadsheets, however, are at 38%, 23%, and 17%, respectively, suggesting that employee training and email flagging for potential threats need to pivot to these other document types.

Employee Training Looms Large

HP’s Wolf Security Threat Insights Report for the 3rd quarter shows us that the threat landscape continues to change and employees are increasingly being targeted with new threats. As email has become the most significant attack vector, and file types have shifted from where employees were trained to look to other types of files, they may not yet be aware they are being compromised.

This report underlines that companies don’t appear to be meeting the critical need for employee training, nor are they hardening their remote employees, particularly the related email systems, well enough. This exposure suggests that, unless something changes, we will see a steady cadence of significant career-ending breaches for the foreseeable future.

Rob Enderle
As President and Principal Analyst of the Enderle Group, Rob provides regional and global companies with guidance in how to create credible dialogue with the market, target customer needs, create new business opportunities, anticipate technology changes, select vendors and products, and practice zero dollar marketing. For over 20 years Rob has worked for and with companies like Microsoft, HP, IBM, Dell, Toshiba, Gateway, Sony, USAA, Texas Instruments, AMD, Intel, Credit Suisse First Boston, ROLM, and Siemens.
