A report from HP Wolf Security shows that malicious actors are utilizing overdue invoice lures, open redirects and Living-off-the-Land (LotL) tactics in order to bypass cybersecurity defenses. The report analyzes real-world attacks seen in Q1, identifying notable campaigns such as cat-phishing, Windows Background Intelligent Transfer Service (BITS) leveraging and HTML smuggling. 

Cat-phishing was observed with attackers deploying open redirects. Malicious actors exploited vulnerabilities within websites to avoid detection, and targets were redirected from trustworthy sites to malicious sites (often through vulnerabilities in ad embeddings). 

Many campaigns utilized BITS, a legitimate uploading and downloading mechanism, to download malicious files undetected. Another tactic detailed in the report was smuggling malware within HTML files by disguising them as delivery invoices. 

Key findings from the report include: 

• The top threat vectors were removable storage and file shares (22%), browser downloads (25%) and email attachments (53%). 
• 65% of document threats depended on exploits to deploy code rather than macros.
• 12% of email threats bypassed at least one email gateway scanner.