Attackers Exploit Trusted Tools in Cyber Campaigns

Severity: High (Score: 71.0)

Sources: Cfotech.Asia, Itbrief.Au, Securitybrief, Securitybrief.Au

Summary

ReliaQuest's analysis reveals a significant rise in cyberattacks utilizing trusted tools and user behavior manipulation from December to February. The report identifies BaoLoader as the leading malware, involved in 40.9% of incidents, primarily through drive-by compromises disguised as legitimate software. ClickFix, a social engineering tactic, was linked to over 44% of defense evasion incidents. The analysis indicates a shift from complex malware to exploiting familiar tools, especially during the US tax season when searches for financial software increased. Shai-Hulud, a new malware variant, ranked second at 27.3%, evolving into a threat targeting cloud credentials. Remote monitoring tools like ConnectWise ScreenConnect and BeyondTrust were also exploited, with BeyondTrust's CVE-2026-1731 being actively exploited shortly after its disclosure. This trend highlights the growing sophistication of cyber threats leveraging legitimate software.

Key Points:

  • BaoLoader accounted for 40.9% of tracked cyber incidents, primarily through drive-by compromises.
  • ClickFix social engineering technique was involved in over 44% of defense evasion activities.
  • CVE-2026-1731 in BeyondTrust software is actively exploited for initial and ongoing access.

Key Entities

  • CVE-2026-1731 (cve)