Kaspersky Researchers Discover a New ‘Fileless’ Malware Campaign

itnerd


Researchers at Kaspersky have found a malicious campaign that stores its malware inside Windows event logs, a technique not previously seen in attacks in the wild. Rather than dropping the payload as a file on disk, the dropper writes the shellcode into event log records, so the later stages run "fileless" and leave as little for file-based scanning to find as possible. Kaspersky describes the campaign as follows:

The initial infection of the system was carried out through the dropper module from an archive downloaded by the victim. The attacker used a variety of unparalleled anti-detection wrappers to keep the last-stage Trojans even less visible. To further avoid detection, some modules were signed with a digital certificate.

The attackers employed two types of Trojans for the last stage. These were used to gain further access to the system; commands from control servers are delivered in two ways: over HTTP network communications and by engaging named pipes. Some Trojan versions managed to use a command system containing dozens of commands from C2.

The campaign also included commercial pentesting tools, namely SilentBreak and CobaltStrike. It combined well-known techniques with customized decryptors and the first observed use of Windows event logs for hiding shellcode on the system.
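Because the shellcode lives in event log records rather than in a file, the place to hunt for it is the log itself. The script below is an added example, not Kaspersky's tooling or anything from the campaign: it runs a simple heuristic over a set of constructed event records (the sources, event IDs and payloads are made up for the demo; the high-entropy bytes are SHA-256 filler, not real shellcode) and flags any source that has written several large, high-entropy, non-printable data blobs, then reassembles those chunks in record order so an analyst can carve the payload out for analysis.

```python
import hashlib
import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class EventRecord:
    """Minimal stand-in for a Windows event log record (constructed for this example)."""
    record_id: int
    source: str
    event_id: int
    data: bytes  # the binary event-data field, where stored shellcode chunks would live


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: text messages sit well below 6, packed or encrypted code near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_like_binary_payload(data: bytes, min_len: int = 512, min_entropy: float = 6.5) -> bool:
    """Heuristic: a large, high-entropy, mostly non-printable blob is not a normal log message."""
    if len(data) < min_len:
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data)
    return shannon_entropy(data) >= min_entropy and printable / len(data) < 0.5


def find_suspicious_sources(records, min_chunks: int = 2):
    """Group flagged records by source; one source emitting several binary blobs is the signal."""
    by_source = defaultdict(list)
    for r in records:
        if looks_like_binary_payload(r.data):
            by_source[r.source].append(r)
    return {src: sorted(rs, key=lambda r: r.record_id)
            for src, rs in by_source.items() if len(rs) >= min_chunks}


def reassemble(chunks) -> bytes:
    """Concatenate flagged chunks in record order, the way a loader would rebuild the payload."""
    return b"".join(r.data for r in chunks)


def _pseudo_random_blob(seed: str, size: int) -> bytes:
    """Deterministic high-entropy filler (SHA-256 in counter mode). Placeholder, NOT real shellcode."""
    out = b""
    i = 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{i}".encode()).digest()
        i += 1
    return out[:size]


# Constructed sample log: ordinary text events interleaved with three binary chunks
# written under a hypothetical source name "SampleSvc" (assumed, not from the campaign).
SAMPLE_RECORDS = [
    EventRecord(1, "Service Control Manager", 7036, b"The Windows Update service entered the running state."),
    EventRecord(2, "SampleSvc", 1000, _pseudo_random_blob("chunk0", 8192)),
    EventRecord(3, "Microsoft-Windows-Kernel-General", 12, b"The operating system started at system time ..."),
    EventRecord(4, "SampleSvc", 1000, _pseudo_random_blob("chunk1", 8192)),
    EventRecord(5, "SampleSvc", 1000, _pseudo_random_blob("chunk2", 4096)),
    EventRecord(6, "Application Error", 1000, b"Faulting application name: example.exe"),
]


def scan(records):
    """Summary per flagged source: (number of binary chunks, total bytes reassembled)."""
    return {src: (len(chunks), len(reassemble(chunks)))
            for src, chunks in find_suspicious_sources(records).items()}


if __name__ == "__main__":
    for src, (n, size) in scan(SAMPLE_RECORDS).items():
        print(f"{src}: {n} binary chunks, {size} bytes reassembled")
```

On a live host the same heuristic can be fed from the event-data field of records exported with Get-WinEvent; the thresholds here are starting points, and the grouping by source matters more than any single record, since one large binary event can be legitimate while a run of them from the same source rarely is.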

Saryu Nayyar, CEO and Founder of Gurucul, had this to say about this unfortunate news:

“Emerging techniques such as these continue to highlight the importance of incorporating behavioral-based analytics, which constantly monitor users, endpoints and other security solutions in the enterprise, to further augment anomaly detection and investigation capabilities.”

“Detection evasion is the name of the game these days, so identifying and alerting on anomalous behavior during early stages of an attack is critical for any effective security program.”

This is truly next level stuff from these threat actors, which means that your response to these threats has to be next level as well. In the meantime, the Kaspersky report does offer some mitigation strategies that are well worth implementing.
