Cybercriminals do not need to invent anything new to wreak havoc. Sometimes it is enough to recycle old tactics and give them a twist so they become effective again. This is reflected in the HP threat report, which focuses on how techniques such as phishing and living-off-the-land (LOTL) are being refined to slip past even the most modern security radars.
Experts warn that this evolution makes it increasingly difficult to distinguish legitimate activity on a device from activity that actually hides an attack. In other words: what seems like a harmless file can become the back door for a cybercrime.
The usual trick, in a new disguise
One of the most striking cases collected in the report is that of fake Adobe Reader invoices. Behind an impeccable appearance, complete with a loading bar, a camouflaged reverse shell was hidden in a tiny SVG image. By opening it, the user unknowingly handed over remote control of their device. Another example is the use of CHM files (Microsoft’s old help format) to hide malware in image pixels, which later executed the well-known XWorm Trojan while erasing its tracks.
“The attackers are not reinventing the wheel, but they are refining their techniques,” warns Alex Holland, principal researcher at HP Security Lab. “We see more and more LOTL tools chained together and less obvious file types, such as images, used to avoid detection. A complete Trojan is not needed when a simple script can achieve the same effect.”
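A defender-side triage check for the SVG case described above, added here as an illustration and not taken from the HP report: it flags SVG files that carry active content instead of being a passive image. The function name, the finding labels and the sample files are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Elements that let an SVG run or embed code (compared in lower case).
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}
SCRIPT_URL = re.compile(r"^\s*(javascript:|data:text/html)", re.I)


def local(name):
    """Strip the '{namespace}' prefix ElementTree adds to tags and attributes."""
    return name.rsplit("}", 1)[-1].lower()


def svg_findings(data: bytes):
    """Return sorted reasons why an SVG should not be treated as a passive image."""
    # Refuse to parse entity declarations: they enable expansion attacks
    # against the parser and have no place in a mailed image.
    if b"<!entity" in data.lower():
        return ["entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed-xml"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add(f"active-element:{tag}")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):  # onload, onclick, ...
                findings.add(f"event-handler:{name}")
            elif name in URL_ATTRS and SCRIPT_URL.match(value):
                findings.add(f"script-url:{name}")
    return sorted(findings)


# Constructed samples: a plain image and an inert file with active content.
BENIGN = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
          b'<rect width="10" height="10" fill="#c00"/></svg>')
SUSPICIOUS = b'''<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <script type="text/javascript">/* placeholder, does nothing */</script>
  <a xlink:href="javascript:void(0)"><text y="10">Invoice</text></a>
</svg>'''

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, svg_findings(sample) or "no active content")
```

A non-empty result is a reason to quarantine or open the file in an isolated viewer, not proof of malice.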
The return of old acquaintances: phishing and LOTL
The study also confirms the return of Lumma Stealer, an information-stealing malware that seemed to have faded into the background after recent police raids. However, within a matter of weeks its operators registered new domains and resumed activity, now distributing compressed files in IMG format to sneak into systems.
This persistence shows how well cybercriminals know how to adapt. And it is no accident that compressed files are the preferred route of entry: according to the report, four out of ten threats arrive in this format. It also highlights the resurgence of .rar files, responsible for more than a quarter of the attacks detected.
The thin line between normal and suspicious
The big problem, experts agree, is that many of these techniques take advantage of tools that are part of day-to-day work in any office: PowerShell, compressed files, scripts. That ambiguity forces security teams to walk a tightrope.
“The dilemma is clear: restrict too much and hinder the user, or leave the door open and risk an attacker infiltrating,” summarizes Ian Pratt, global security head for personal systems at HP. “Even the best detection systems sometimes fail; therefore, the defense-in-depth approach with containment and isolation is essential.”
Isolate to understand
The report also underlines the importance of containment as a protection strategy. HP Wolf Security has made it possible to analyze these campaigns by isolating threats in safe, controlled environments. Thanks to this, it is known that during the second quarter of 2025 HP customers interacted with more than 55,000 million files, web pages and downloads without suffering significant breaches.
This volume of data confirms that threats do not stop growing, but it also shows that isolation-based solutions make it possible to study attackers in action and get ahead of their moves.
A race that does not end
The underlying message of the report is clear: cybercrime is an endurance race. Criminals do not limit themselves to launching an attack and disappearing; they try, fail, correct and try again with new variants. In that field, old recycled techniques are as effective as they are dangerous.
For organizations, the challenge is to keep up with that pace. It is not enough to trust detection filters or traditional measures: the approach requires adding layers of protection, isolating anything suspicious and assuming that attackers will keep looking for unexpected angles of entry. As the report itself concludes, the ingenuity of cybercriminals lies not in inventing the impossible, but in perfecting what already works.
