APTs, Email and old school attacks
03/23/15 Category: Security
Lately we have been seeing a rash of malware targeting the mid-market. This campaign is concerning because it combines a high proportion of zero-day malware (samples that no vendor has a signature for yet) with an old-school but effective delivery technique: e-mail file attachments with embedded macros.
Whether it is called an APT (Advanced Persistent Threat) or simply malware, the goal is the same: get malicious code onto an endpoint and then enlist it in a botnet, steal the user's credentials, or both.
This zero-day malware has been effective at evading existing spam filtering, anti-virus and IDS/IPS solutions, all of which rely on signature matching. Our virtual sandbox solutions have been effective at detonating the attachment and examining what it actually does, and have detected the malware before any of the major anti-virus providers recognized it. In other words, we have seen and confirmed several true zero-day threats.
The effectiveness comes from a chain of steps, each of which looks harmless on its own, but which in sequence has been able to introduce malware even onto protected endpoints running current AV products:
- A file attachment, typically a document with an embedded macro
- Invoking that macro from within the document
- The macro downloading a jpg file that looks like an ordinary image but embeds the new malware
A macro-enabled document is not malicious by itself, downloading an image is routine, and the payload inside the image has no signature yet, so each control in the path sees nothing it was built to stop.
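As an added example (not code from the original post or from the vendor's products), here is a small Python triage script for the attachment and download stages of that chain: it flags an Office Open XML document that carries a VBA project, and it flags a jpg that has data appended after the image's end-of-image marker, which is the usual way an executable is hidden behind a valid-looking image. The file names, the constructed sample documents, the minimal JPEG and the fake PE stub are assumptions for illustration; a real vbaProject.bin is an OLE container and real payloads are usually encoded or obfuscated, so this is a structural check to run on quarantined attachments and downloads, not a replacement for a sandbox.

```python
"""Structural triage for the macro-document -> 'jpg' download chain.
All sample inputs below are constructed in memory for illustration."""
import io
import struct
import zipfile

SOI, EOI = b"\xff\xd8", b"\xff\xd9"
# Office Open XML extensions worth opening as zip containers (assumed list).
OFFICE_EXTS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".docx", ".xlsx", ".pptx")


def ooxml_has_macros(blob: bytes) -> bool:
    """An OOXML file is a zip; a VBA project is stored as */vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False


def jpeg_trailing_data(data: bytes) -> bytes:
    """Walk the JPEG segment structure and return whatever follows the EOI marker.
    A clean image returns b""; a payload appended to the file comes back intact."""
    if not data.startswith(SOI):
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"corrupt JPEG: expected marker at offset {pos}")
        marker = data[pos + 1]
        pos += 2
        if marker == 0xD9:                      # EOI: the image ends here
            return data[pos:]
        if marker == 0xD8 or marker == 0x01 or 0xD0 <= marker <= 0xD7:
            continue                            # standalone markers carry no length
        if pos + 2 > len(data):
            raise ValueError("truncated JPEG: missing segment length")
        (seg_len,) = struct.unpack(">H", data[pos:pos + 2])
        pos += seg_len                          # the length field counts itself
        if marker == 0xDA:                      # SOS: entropy-coded scan data follows
            # Skip until a real marker: 0xFF00 is byte stuffing, 0xFFD0-D7 are restarts.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("truncated JPEG: no EOI marker")


def looks_like_pe(payload: bytes) -> bool:
    """DOS 'MZ' header plus the 'PE\\0\\0' signature at the e_lfanew offset."""
    if len(payload) < 0x40 or payload[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", payload, 0x3C)
    return payload[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_attachment(filename: str, blob: bytes) -> list:
    """Return findings for one mail attachment or one downloaded file."""
    findings = []
    name = filename.lower()
    if name.endswith(OFFICE_EXTS):
        if ooxml_has_macros(blob):
            findings.append("embedded VBA project (macro-enabled document)")
    elif name.endswith((".jpg", ".jpeg")):
        try:
            tail = jpeg_trailing_data(blob)
        except ValueError as exc:
            return [f"malformed JPEG: {exc}"]
        if tail:
            findings.append(f"{len(tail)} bytes appended after JPEG EOI")
            if looks_like_pe(tail):
                findings.append("appended data is a PE executable")
    return findings


# ---- constructed samples (not real malware) ---------------------------------
def _build_docm(with_macro: bool) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:  # stand-in for an OLE container; only the name matters here
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 32)
    return buf.getvalue()


def _build_jpeg(payload: bytes = b"") -> bytes:
    """Minimal structurally valid JPEG (APP0 + SOS + tiny scan) with optional tail."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56"              # includes one stuffed 0xFF00
    return SOI + app0 + sos + scan + EOI + payload


def _build_pe_stub() -> bytes:
    """Fake 128-byte PE: 'MZ', e_lfanew -> 0x40, 'PE\\0\\0' there. Not runnable."""
    header = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 60


MACRO_DOC = _build_docm(True)
PLAIN_DOC = _build_docm(False)
CLEAN_JPEG = _build_jpeg()
TROJAN_JPEG = _build_jpeg(_build_pe_stub())

if __name__ == "__main__":
    for fname, blob in [("invoice.docm", MACRO_DOC), ("invoice.docx", PLAIN_DOC),
                        ("photo.jpg", CLEAN_JPEG), ("photo.jpg", TROJAN_JPEG)]:
        print(fname, triage_attachment(fname, blob) or ["no findings"])
```

The JPEG walker parses segments rather than searching for the last 0xFFD9, because an appended payload can itself contain that byte pair; the PE check reads e_lfanew instead of trusting "MZ" alone. Files that fail either check are what the sandbox should detonate next.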
Zero-day malware of this kind can be detected with at least two products we offer. We also offer newer endpoint solutions that pair modern AV software with ATP (Advanced Threat Protection) to detect the threat and protect the device.
The goal of several of the variants we have seen is to exfiltrate credentials for the user's cloud services, which in turn feeds the growing identity problem.