How to detect and stop PortDoor Malware

Cyber criminals use new Windows malware to backdoor and attack organizations

Read the full article: Cyber criminals use new Windows malware to backdoor govt, defense orgs (bleepingcomputer.com)

To spread PortDoor malware, the cyber criminals used spear-phishing emails containing confidential information about the targeted firms, with attached documents carrying malicious code that exploits the CVE-2017-11882 Microsoft Office vulnerability. In the later stages of the attack, the gang installed malware previously attributed to TA428 (nccTrojan, Logtu, Cotx, and DNSep), as well as a never-before-seen malware strain named CotSam.

The new backdoor, like the others employed in this operation, allows attackers to collect system information and steal files from compromised systems. The attackers went so far as to bundle a vulnerable version of Microsoft Word with the payload to deliver CotSam (Microsoft Word 2007 on 32-bit systems and Microsoft Word 2010 on 64-bit systems).

Solution:

XDR managed services:

  • Prevented a very large number of phishing emails, since we block a significant number of malicious domains and IP addresses associated with phishing attacks.
  • Our Adversary Behaviour Detection engine and Forensic-Depth Analysis engine detect the presence of malware installation and its movement on the endpoint. This includes detection of DLL hijacking and process hollowing, techniques used extensively in this attack that typically prevent other security software from detecting the malware.
  • Using threat intelligence data, we track Command and Control (C2) servers and block inbound and outbound communication to them, so that the compressed sensitive files would likely be prevented from being exfiltrated.
  • Finally, based on our recommended Geo-Fencing policy, we would stop the attack in its tracks because we would be blocking all traffic with servers hosted in China.
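As an added illustration of the layered checks listed above (this is not the vendor's engine or any code from the original article), the following Python script runs three of those checks over constructed endpoint and network telemetry: a phishing-domain block on inbound mail, an alert when an Office component spawns a shell or scripting host (the behaviour a malicious document exploiting CVE-2017-11882 typically produces), and a C2-indicator plus geo-fence block on outbound connections. The blocklists, GeoIP map, hostnames, addresses and log lines are all constructed sample values; the inclusion of eqnedt32.exe among the Office parents relies on the fact, not stated on the page, that CVE-2017-11882 affects the Equation Editor component.

```python
import re
from typing import Dict, List, Tuple

# --- Constructed reference data (stand-ins for threat-intel and GeoIP feeds) ---
PHISHING_DOMAINS = {"mail-update-secure.example", "docs-share.example"}
C2_INDICATORS = {"203.0.113.45", "update-cdn.example"}          # constructed
GEOIP = {"203.0.113.45": "CN", "198.51.100.7": "US", "192.0.2.10": "CN"}
BLOCKED_COUNTRIES = {"CN"}                                        # geo-fence policy

# Office components that should not normally spawn shells or scripting hosts.
# eqnedt32.exe is the Equation Editor component affected by CVE-2017-11882.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "eqnedt32.exe"}
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "mshta.exe", "wscript.exe",
                       "cscript.exe", "rundll32.exe", "regsvr32.exe"}

# key=value pairs; values may be double-quoted to allow spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> Dict[str, str]:
    """Parse one key=value telemetry line into a dict, stripping quotes."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def evaluate(event: Dict[str, str]) -> List[str]:
    """Apply the layered checks to a single event and return its verdicts."""
    verdicts: List[str] = []
    kind = event.get("type")
    if kind == "email":
        # Layer 1: block mail from known phishing domains.
        if event.get("sender_domain", "").lower() in PHISHING_DOMAINS:
            verdicts.append("block:phishing-domain")
    elif kind == "process":
        # Layer 2: Office component spawning a shell/scripting host.
        parent = event.get("parent", "").lower()
        image = event.get("image", "").lower()
        if parent in OFFICE_PARENTS and image in SUSPICIOUS_CHILDREN:
            verdicts.append("alert:office-spawned-" + image)
    elif kind == "netconn":
        # Layer 3: outbound connection to a tracked C2 or a geo-fenced country.
        dst = event.get("dst", "")
        if dst in C2_INDICATORS:
            verdicts.append("block:c2-indicator")
        if GEOIP.get(dst) in BLOCKED_COUNTRIES:
            verdicts.append("block:geo-fence")
    return verdicts


def triage(lines: List[str]) -> List[Tuple[int, List[str]]]:
    """Return (line number, verdicts) for every line that triggers a check."""
    findings = []
    for number, line in enumerate(lines, 1):
        verdicts = evaluate(parse_event(line))
        if verdicts:
            findings.append((number, verdicts))
    return findings


# Constructed telemetry lines; hosts, domains and addresses are sample values.
SAMPLE_TELEMETRY = [
    'type=email sender_domain=mail-update-secure.example subject="Contract documents"',
    'type=email sender_domain=partner.example subject="Meeting notes"',
    'type=process host=ws01 parent=eqnedt32.exe image=cmd.exe',
    'type=process host=ws01 parent=explorer.exe image=cmd.exe',
    'type=netconn host=ws01 direction=outbound dst=203.0.113.45 dport=443',
    'type=netconn host=ws01 direction=outbound dst=198.51.100.7 dport=443',
    'type=netconn host=ws01 direction=outbound dst=192.0.2.10 dport=8080',
]

if __name__ == "__main__":
    for number, verdicts in triage(SAMPLE_TELEMETRY):
        print(f"line {number}: {', '.join(verdicts)}")
```

Each layer is independent, so a connection that matches both a C2 indicator and the geo-fence produces two verdicts; in practice the process-spawn rule is the one that catches a fresh campaign whose domains and C2 addresses are not yet in any feed, which is why behavioural detection is listed alongside the indicator-based blocks.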
