HP Wolf Security Threat Insights Report finds that at least 12% of email threats identified by HP Sure Click bypassed one or more email gateway scanners; top threat vectors in Q1 were email attachments, downloads from browsers, removable storage

Sample article from our Printing & Publishing

PALO ALTO, California , May 16, 2024 (press release) –

HP Inc. (NYSE: HPQ) today issued its quarterly HP Wolf Security Threat Insights Report, showing attackers are relying on open redirects, overdue invoice lures, and Living-off-the-Land (LotL) techniques to sneak past defenses. The report provides an analysis of real-world cyberattacks, helping organizations to keep up with the latest techniques cybercriminals use to evade detection and breach PCs in the fast-changing cybercrime landscape.

Based on data from millions of endpoints running HP Wolf Security, notable campaigns identified by HP threat researchers include:

  • Attackers using open redirects to ‘Cat‑Phish’ users: In an advanced WikiLoader campaign, attackers exploited open redirect vulnerabilities within websites to circumvent detection. Users were directed to trustworthy sites, often through open redirect vulnerabilities in ad embeddings. They were then redirected to malicious sites – making it almost impossible for users to detect the switch.
  • Living-off-the-BITS: Several campaigns abused the Windows Background Intelligent Transfer Service (BITS) – a legitimate mechanism used by programmers and system administrators to download or upload files to web servers and file shares. This LotL technique helped attackers remain undetected by using BITS to download the malicious files.
  • Fake invoices leading to HTML smuggling attacks: HP identified threat actors hiding malware inside HTML files posing as delivery invoices which, once opened in a web browser, unleash a chain of events deploying open-source malware, AsyncRAT. Interestingly, the attackers paid little attention to the design of the lure, suggesting the attack was created with only a small investment of time and resources.

Patrick Schläpfer, Principal Threat Researcher in the HP Wolf Security threat research team, comments:

"Targeting companies with invoice lures is one of the oldest tricks in the book, but it can still be very effective and hence lucrative. Employees working in finance departments are used to receiving invoices via email, so they are more likely to open them. If successful, attackers can quickly monetize their access by selling it to cybercriminal brokers, or by deploying ransomware.”

By isolating threats that have evaded detection-based tools – but still allowing malware to detonate safely – HP Wolf Security has specific insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 40 billion email attachments, web pages, and downloaded files with no reported breaches.

The report details how cybercriminals continue to diversify attack methods to bypass security policies and detection tools. Other findings include:

  • At least 12% of email threats identified by HP Sure Click1 bypassed one or more email gateway scanners.
  • The top threat vectors in Q1 were email attachments (53%), downloads from browsers (25%) and other infection vectors, such as removable storage – like USB thumb drives – and file shares (22%).
  •  This quarter, at least 65% of document threats relied on an exploit to execute code, rather than macros.

Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc., comments:

"Living-off-the-Land techniques expose the fundamental flaws of relying on detection alone. Because attackers are using legitimate tools, it’s difficult to spot threats without throwing up a lot of disruptive false positives. Threat containment provides protection even when detection fails, preventing malware from exfiltrating or destroying user data or credentials, and preventing attacker persistence.  This is why organizations should take a defence-in-depth approach to security, isolating and containing high-risk activities to reduce their attack surface."

HP Wolf Security2 runs risky tasks in isolated, hardware-enforced disposable virtual machines running on the endpoint to protect users, without impacting their productivity. It also captures detailed traces of attempted infections. HP’s application isolation technology mitigates threats that slip past other security tools and provides unique insights into intrusion techniques and threat actor behavior.


About the data

This data was gathered from consenting HP Wolf Security customers from January-March 2024.


About HP

HP Inc. (NYSE: HPQ) is a global technology leader and creator of solutions that enable people to bring their ideas to life and connect to the things that matter most. Operating in more than 170 countries, HP delivers a wide range of innovative and sustainable devices, services and subscriptions for personal computing, printing, 3D printing, hybrid work, gaming, and more. For more information, please visit: http://www.hp.com.


About HP Wolf Security

HP Wolf Security is world class endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services. Visit https://hp.com/wolf.

©Copyright 2024 HP Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the expresswarranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.


1 HP Sure Click Enterprise is sold separately. Supported attachments include Microsoft Office (Word, Excel, PowerPoint) and PDF files, when Microsoft Office or Adobe Acrobat are installed. For full system requirements, please visit HP need hyperlink to HP Sure Access Enterprise and HP Sure Click Enterprise system requirements at: https://enterprisesecurity.hp.com/s/article/System-Requirements-for-HP-Sure-Access-Enterprise

2 HP Wolf Security for Business requires Windows 10 or 11 Pro and higher, includes various HP security features and is available on HP Pro, Elite, RPOS and Workstation products. See product details for included security features.


* All content is copyrighted by Industry Intelligence, or the original respective author or source. You may not recirculate, redistrubte or publish the analysis and presentation included in the service without Industry Intelligence's prior written consent. Please review our terms of use.

See our dashboard in action - schedule an demo
Dan Rivard
Dan Rivard
- VP Market Development -

We offer built-to-order printing & publishing coverage for our clients. Contact us for a free consultation.

About Us

We deliver market news & information relevant to your business.

We monitor all your market drivers.

We aggregate, curate, filter and map your specific needs.

We deliver the right information to the right person at the right time.

Our Contacts

1990 S Bundy Dr. Suite #380,
Los Angeles, CA 90025

+1 (310) 553 0008

About Cookies On This Site

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy. We won't track your information when you visit our site. But in order to comply with your preferences, we'll have to use just one tiny cookie so that you're not asked to make this choice again.