The IT Nerd

 Today at HP Imagine, HP Inc. revealed exciting new enhancements for its consumer portfolio to enable users to reimagine their experience via AI-powered innovations, whether it be for work or play. The announcements include next-gen AI PCs, AI-enabled video conferencing solutions, and a scalable GPU performance sharing solution for AI developers – all designed to transform the future of work.

Outlined below are a few highlights of the announcements:

• For freelancers and creators, the HP OmniBook Ultra Flip 14-Inch, is the perfect device for those looking for AI-powered creative experiences, offering uncompromising style, performance, and flexibility.
• For tech experts and business consultants, the HP EliteBook X 14-Inch is the first in HP’s Commercial PC lineup delivering performance, productivity and security for workflows both locally and in the cloud.
• People work in different places throughout the workday, whether in a meeting room, at the desk, or on the go.  HP’s newest additions to the industry’s broadest portfolio of AI-enabled multi-camera capable video conferencing solutions include the Poly Studio X32 and Poly Studio X72 all-in-one video bars and Poly Studio V32 and Poly Studio V72 premium USB video bars.
• The HyperX Cloud MIX™2 takes flexibility to the next level with personalized, HyperX Signature Sound. Its over-ear headset design featuring plush memory foam earcups and up to 110 hours of battery life via Bluetooth offer all-day comfort and power that’s perfect for gaming on the go, music, or work calls.

HP has an announcement on all of this which you can read here.

At HP Imagine, HP Inc. today issued its latest Threat Insights Report revealing how attackers are using generative AI to help write malicious code. HP’s threat research team found a large and refined ChromeLoader campaign spread through malvertising that leads to professional-looking rogue PDF tools, and identified cybercriminals embedding malicious code in SVG images. 

The report provides an analysis of real-world cyberattacks, helping organizations to keep up with the latest techniques cybercriminals are using to evade detection and breach PCs in the fast-changing cybercrime landscape.  Based on data from millions of endpoints running HP Wolf Security, notable campaigns identified by HP threat researchers include: 

• Generative AI assisting malware development in the wild: Cybercriminals are already using GenAI to create convincing phishing lures but to date there has been limited evidence of threat actors using GenAI tools to write code. The team identified a campaign targeting French-speakers using VBScript and JavaScript believed to have been written with the help of GenAI. The structure of the scripts, comments explaining each line of code, and the choice of native language function names and variables are strong indications that the threat actor used GenAI to create the malware. The attack infects users with the freely available AsyncRAT malware, an easy-to-obtain infostealer which can record victim’s screens and keystrokes. The activity shows how GenAI is lowering the bar for cybercriminals to infect endpoints. 
• Slick malvertising campaigns leading to rogue-but-functional PDF tools: ChromeLoader campaigns are becoming bigger and increasingly polished, relying on malvertising around popular search keywords to direct victims to well-designed websites offering functional tools like PDF readers and converters. These working applications hide malicious code in a MSI file, while valid code-signing certificates bypass Windows security policies and user warnings, increasing the chance of infection. Installing these fake applications allows attackers to take over the victim’s browsers and redirect searches to attacker-controlled sites.  
• This logo is a no-go – hiding malware in Scalable Vector Graphics (SVG) images: some cybercriminals are bucking the trend by shifting from HTML files to vector images for smuggling malware. Vector images, widely used in graphic design, commonly use the XML-based SVG format. As SVGs open automatically in browsers, any embedded JavaScript code is executed as the image is viewed. While victims think they’re viewing an image, they are interacting with a complex file format that leads to multiple types of infostealer malware being installed. 

By isolating threats that have evaded detection tools on PCs – but still allowing malware to detonate safely – HP Wolf Security has specific insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 40 billion email attachments, web pages, and downloaded files with no reported breaches.  

The report, which examines data from calendar Q2 2024, details how cybercriminals continue to diversify attack methods to bypass security policies and detection tools, such as: 

• At least 12% of email threats identified by HP Sure Click bypassed one or more email gateway scanners, the same as the previous quarter. 
• The top threat vectors were email attachments (61%), downloads from browsers (18%) and other infection vectors, such as removable storage – like USB thumb drives and file shares (21%). 
• Archives were the most popular malware delivery type (39%), 26% of which were ZIP files.   

HP Wolf Security runs risky tasks in isolated, hardware-enforced virtual machines running on the endpoint to protect users, without impacting their productivity. It also captures detailed traces of attempted infections. HP’s application isolation technology mitigates threats that can slip past other security tools and provides unique insights into intrusion techniques and threat actor behavior.  

About the Data

This data was gathered from consenting HP Wolf Security customers from April-June 2024.