DO YOU HAVE PROTECTION FROM THE LATEST URSNIF AND GANDCRAB CAMPAIGNS? WE DO.
February 06, 2019
Protecting your organization against cyber-crime means being ready for the unknown at all times. This week, researchers have uncovered two new malware campaigns that attack your infrastructure through something as innocent as an MS Word file.
Both attacks use the Ursnif trojan, which is known for stealing data, collecting keystrokes, deploying additional backdoors to burrow into an IT network, fingerprinting your system, and sending sensitive information back to the attackers. Once distributed, Ursnif can harvest personal credentials, including financial data. One of the campaigns adds a further layer: the GandCrab ransomware tool, which restricts user access and demands payment in a digital currency to decrypt files on any infected network.
Launched by two separate attack groups, both attacks use phishing emails to breach the initial target machine. Each starts with a Microsoft Word document that has malicious macros embedded in it, and then uses PowerShell to inject fileless malware.
Arming Your Business Against These Kinds of Attacks
These threats are not as easy to look out for as you might imagine. Security researchers at Carbon Black found 180 variants of this kind of MS Word document, embedded with malicious VBS macros. While researchers have published a list of payload file names that have been used up until now, this cannot be considered an exhaustive list of indicators of compromise. New variations are being found all the time through successful breaches.
Votiro uses a different approach, and as a result, without even needing to know about the new threat, we have already protected our customers from these campaigns, preventing the attack from making it past the first hurdle.
Every file is deconstructed, disarmed, and put back together in a safe version of itself. As part of this process, we analyze macros and remove any that are abnormal, without needing existing knowledge of whether they are suspicious. We simply remove anything unnecessary, keeping the end user safe at all times, and handle macros according to the policy the user has defined. The whole process takes less than one second, so the user would never know that the file has been checked.
This is just one example of the importance of choosing a cybersecurity solution that focuses on prevention rather than detection, ensuring you are ready for any threat, at any time.
Want to see us in action? Get in touch to schedule a demo.