Huntress Labs has described in a blog post an elaborate piece of malware that targets managed service providers. The malware uses multiple layered cloaking techniques to evade detection.
Quoting liberally from MSSP Alert:
The bug is a “multi-stager, multi-payload” with layers of abstraction that the security specialist jokingly referred to as “the gift that keeps on giving.” While malware payloads delivered in stages aren’t unusual, the level to which this one goes to avoid detection is unique and clever enough to slide right past a typical, off-the-shelf anti-virus or endpoint protection program.
An initial payload is delivered using legitimate Windows binaries to extract and execute new PowerShell code that contains another piece of encoded data to retrieve a second payload using Google’s DNS over HTTPS service. “Using DNS over HTTP as a means to receive another malware payload is a very clever trick — while DNS filtering might be in place on a secure network, limited and locked down HTTP access to google.com is much less likely,” Hammond wrote. To deliver the final payload, the malware code reaches out to an external server which installs the final command-and-control stub to give the hacker control of the target machine.
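The DNS-over-HTTPS trick above works because the payload fetch looks like ordinary HTTPS to a Google host rather than a DNS query, so the network's DNS filtering never sees it. The hunt that follows is an added example, not code from Huntress, MSSP Alert or the malware itself: it runs over a handful of constructed proxy log lines (timestamp, client IP, method, URL, status, bytes) and flags requests to public DoH resolvers, rating Google JSON-API lookups of TXT records highest, since TXT is the record type that can carry an encoded blob. The resolver list, the log format and the sample lines are all my assumptions; the page only names Google's service.

```python
"""Hunt for DNS-over-HTTPS payload retrieval in web proxy logs.

Added example, not code from the Huntress or MSSP Alert write-ups.
Assumed log format (constructed here): timestamp, client IP, HTTP method,
URL, status code, bytes returned, space-separated. The resolver list and
the TXT-record heuristic are this example's assumptions, not indicators
published on the page.
"""
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# Public DoH endpoints a host could use to bypass the network resolver.
# Assumption: illustrative list, not exhaustive.
DOH_HOSTS = {
    "dns.google", "8.8.8.8", "8.8.4.4",
    "cloudflare-dns.com", "1.1.1.1",
    "dns.quad9.net",
}
# RFC 8484 wire-format path and Google's JSON API path.
DOH_PATHS = {"/dns-query", "/resolve"}


@dataclass
class Finding:
    client: str
    url: str
    severity: str  # "high" for TXT lookups, "medium" for any other DoH use
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Split one proxy log line into fields; None if it is malformed."""
    parts = line.split()
    if len(parts) < 6:
        return None
    ts, client, method, url, status, nbytes = parts[:6]
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": status, "bytes": int(nbytes) if nbytes.isdigit() else 0}


def classify(record: dict) -> Optional[Finding]:
    """Decide whether a single request looks like DoH use, and how serious."""
    url = record["url"]
    # CONNECT requests carry only host:port; add a scheme so urlsplit parses a host.
    target = url if "://" in url else "https://" + url
    u = urlsplit(target)
    host = (u.hostname or "").lower()
    # Exact path match so "/dns-query-tool/" on an intranet box is not flagged.
    if host not in DOH_HOSTS and u.path.rstrip("/") not in DOH_PATHS:
        return None
    qs = parse_qs(u.query)
    rtype = (qs.get("type") or [""])[0].upper()   # Google's API accepts name or number
    name = (qs.get("name") or [""])[0]
    if rtype in ("TXT", "16"):
        return Finding(record["client"], url, "high",
                       f"DoH TXT lookup for {name!r}: TXT can carry an encoded payload")
    if record["method"] == "CONNECT":
        return Finding(record["client"], url, "medium",
                       "TLS tunnel to a DoH resolver; query not visible without TLS inspection")
    return Finding(record["client"], url, "medium",
                   f"DoH query ({rtype or 'unknown type'}) for {name!r}")


def hunt(lines: List[str]) -> List[Finding]:
    """Run the classifier over every parsable log line and collect hits."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        f = classify(rec)
        if f:
            findings.append(f)
    return findings


# Constructed sample log lines for the example; not real traffic.
SAMPLE_LOG = [
    "2020-09-16T10:01:02Z 10.0.0.15 GET https://www.google.com/search?q=printer 200 4821",
    "2020-09-16T10:01:09Z 10.0.0.15 GET https://dns.google/resolve?name=update.example.invalid&type=TXT 200 1937",
    "2020-09-16T10:01:11Z 10.0.0.22 CONNECT dns.google:443 200 0",
    "2020-09-16T10:01:15Z 10.0.0.22 GET https://cloudflare-dns.com/dns-query?name=example.com&type=A 200 122",
    "2020-09-16T10:02:00Z 10.0.0.31 GET http://intranet.local/dns-query-tool/ 200 512",
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f.severity.upper(), f.client, f.url, "-", f.reason)
```

The caveat a practitioner should keep in mind: the high-fidelity signal (a TXT lookup in the query string) is only visible when the proxy decrypts TLS. Without inspection, all the proxy sees is a CONNECT to dns.google:443, which is why the example still reports that at medium severity rather than ignoring it; on a managed endpoint that should be using the corporate resolver, any direct client connection to a public DoH host is worth a look.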
Meanwhile, Acronis has released its Cyber Readiness Report for 2020. Here are your highlights:
- 39% of the companies experienced a videoconferencing attack in the past three months as workers rely on apps like Zoom, Cisco Webex, and Microsoft Teams. Cisco recently revealed a vulnerability in its Webex app that could allow attackers to open, read, and steal potentially valuable or damaging content.
- Malware attacks such as ransomware have also increased during the pandemic, with 31% of companies reporting daily cyberattacks and half (50%) being targeted at least once a week.
- Phishing attacks are occurring at historic levels, which is not surprising since the report found only 2% of companies consider URL filtering when evaluating a cybersecurity solution. That oversight leaves remote workers vulnerable to phishing sites – Acronis discovered that approximately 10% of users clicked on malicious websites in May, June, and July.
Why do we care?
This feels very tactical – meaning, you need to know about it.
Then again, it’s the sophistication and the targeting that we care about. It’s very pointed. It’s very clever. And it’s targeting you, the technology services provider.
“Just because you’re paranoid doesn’t mean they aren’t after you.” And they clearly ARE after you.
Source: MSSP Alert
Source: Business Wire