HP Wolf Security Threat Intelligence: AI Ramps Efficiency for Cyber Attackers

Analyst(s): Krista Case
Publication Date: January 17, 2025

HP Inc.’s most recent Wolf Threat Intelligence Report unveils evolving AI-fueled threat vectors. Additionally, Futurum’s conversations with HP’s threat intelligence research uncover the resulting implications for endpoint security.

What is Covered in this Article:

• HP Inc. releases its Wolf Threat Intelligence Report for 3Q24, which analyzes the evolving tactics of cybercriminals.
• Recent insights into how cyberattackers are using AI to commoditize and open source malicious software, in effect further driving their efficiency and scale.
• The resulting impact on endpoint security, including the need for real-time below-the-operating system threat intelligence and security capabilities.

The News: HP Inc. releases its Wolf Threat Intelligence Report for 3Q24, which analyzes the evolving tactics of cybercriminals.

HP Wolf Security Threat Intelligence: AI Ramps Efficiency for Cyber Attackers

Analyst Take: HP Inc. has been running its Wolf Security Threat Intelligence Report for five years. There are a few takeaways from the report’s observations from Q324 data that will carry through into this new year.

The Headline: AI Has Only Begun to Revolutionize the Game for Malicious Actors

We are not just seeing the tip of the iceberg in terms of how AI will be used for attack effectiveness, but also for attack efficiency. For example, there are adversarial use cases ranging from reducing time-to-malicious code to optimizing attack scale in terms of targets as well as the variety of attack tactics.

This analyst’s eyes were opened in this conversation around not only how AI is being used, and will increasingly be used moving forward, to not only reduce the skills required and proverbial “barrier to entry” for cybercriminals but also how it can elevate malicious actors to focus on areas of strategic impact to their organization, such as defense evasion – just as we think about automation and AI doing for security teams.

Ransomware-as-a-service has been utilized for some time now, and the new nuance to this is the commoditization and open-sourcing of malicious code via AI. Where today adversaries have focused AI on delivering the malicious payload, it is likely we will see it expand earlier and later in the attack chain (for example, into vulnerability discovery).

What Exactly Does This Mean for the Enterprise?

Futurum spoke with HP Inc. threat researchers Alex Holland and Patrick Schlapfer about ensuring the right balance between detection, prevention, and protection, as attackers gain speed and innovation, thanks to AI. Endpoints have been growing “goldmines” for attacks, due to the trove of sensitive data that users typically store on them. We are also seeing the rise in AI applications and processes on these devices, alongside the growing value of cryptocurrency incentivizing attackers to target Bitcoin wallets.

Holland and Schlapfer underscored these trends, as well as the need to invest in below-the-OS security, as AI helps attackers to become more advanced and to invest in persistent below-the-OS attacks.

What to Watch:

• Evolving AI-driven cyberattack methods, specifically their emphasis on endpoint devices as well as their growing influence across the cybersecurity attack chain.
• HP’s melding of above-the-operating system threat prevention, such as its Sure Click application isolation, which reduces the attack surface of endpoints. Its ability to obtain visibility into below-the-operating system threats and make this threat intelligence actionable for Security Operations teams through various platform security features such as SureStart, which is enabled through the Endpoint Security Controller and which logs and provides visibility into security-relevant events.
• New endpoint vulnerabilities introduced by the usage of generative AI applications on PCs.

See HP’s complete press release for more information.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Other insights from The Futurum Group:

HP: Elevating Security with a Multi-Layered Approach for the Modern Era

Secure Your Devices: HP Wolf Security Suite

HP’s Q4 FY24 Earnings: A Resilient Finish to a Challenging Year

Author Information

Krista Case

With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.