Cybercriminals Bypass Security Using Legitimate Tools & Browser Extensions to Deliver Malware

In the second half of 2024, cybercriminals have increasingly leveraged legitimate Microsoft tools and browser extensions to bypass security measures and deliver malware, according to Ontinue’s latest Threat Intelligence Report.

Threat actors are exploiting built-in Microsoft features like Quick Assist and Windows Hello to establish persistence and evade detection.

Quick Assist, a remote access tool, is being used in social engineering attacks where attackers impersonate tech support to gain control of victims’ systems.

Windows Hello, Microsoft’s passwordless authentication technology, is being abused to register rogue devices and bypass multi-factor authentication in misconfigured enterprise environments.

Browser extensions, particularly on Chrome, are increasingly being utilized to deliver information-stealing malware.

This method is especially effective because malicious extensions can persist even after system reimaging, as users often unknowingly reintroduce the threat by reimporting their browser profiles during the recovery process.

Ransomware Evolves with Sophisticated Delivery Methods

The report also highlights the evolution of ransomware tactics.

While estimated ransom payments decreased to $813.55 million in 2024 from $1.25 billion in 2023, the number of reported breaches increased.

This suggests that ransomware groups are conducting more attacks to compensate for lower ransom success rates.

Ransomware operators are refining their approaches, prioritizing IT skills over programming expertise.

Affiliates are often selected for their ability to navigate enterprise networks, assess and disable backups, and target databases and virtualized environments.

This shift underscores the growing sophistication of ransomware attacks and the increasing need for robust cybersecurity measures.

Rising Threats in IoT and OT Environments

The report warns of a significant increase in threats targeting Internet of Things (IoT) and Operational Technology (OT) environments.

These devices often lack centralized security controls, making them prime targets for cyber threats.

Recent attacks have demonstrated the vulnerability of these systems, including large-scale botnets leveraging unpatched IoT devices and sophisticated nation-state actors targeting industrial control systems.

To mitigate these evolving threats, organizations are advised to implement a range of security measures.

These include strengthening ransomware defenses, securing authentication methods, monitoring and securing built-in system tools, implementing rapid patching and vulnerability management, improving incident response and threat hunting capabilities, and enhancing web and email security.

As the threat landscape continues to evolve, organizations must adopt a proactive approach to cybersecurity, focusing on rapid threat detection, robust authentication controls, and an agile response strategy to build a more resilient security posture against emerging threats.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup – Try for Free