We’re closely tracking an alarming threat that’s currently aiming to take advantage of careless or untrained users in a possible effort to distribute ransomware and other forms of malware—here’s what we’ve found.
Highlighted Threat: Attackers are using a variety of techniques in an attempt to launch a Quant Loader trojan capable of distributing ransomware and password stealers.
The campaign itself has been composed of a number of mini-campaigns—each lasting for a less than a day. They are utilizing an email content and file name pattern (with some emails having no text content and only a subject line), a single domain serving malicious script files over Samba, and a single variant of Quant being distributed from a handful of domains.
To recap, the techniques used in these attacks are:
Phishing – emails sent to persuade the recipient into acting on their requests
Social Engineering – attackers engage with recipients in order to gain their trust and act on their malicious request
Exploit – CVE-2016-3353 was used to circumvent the browser and execute malicious scripts in user-space
Obfuscation – malicious scripts are heavily obfuscated to prevent or slow static analysis efforts
User Security Training and Awareness — Employees should be regularly trained and tested to increase their security awareness of various targeted attacks. Simulated attack training is by far the most effective form of training. A solution like Barracuda PhishLine provides comprehensive, SCORM-compliant user training and testing as well as phishing simulation for emails, voicemail, and SMS along with other helpful tools to train users to identify cyberattacks.
Additionally, layering employee training with an email security solution that offers sandboxing and advanced threat protection should block malware before it ever reaches the corporate mail server. And, for protection against messages that contain malicious links, you can deploy anti-phishing protection that includes Link Protection to look for links to websites that contain malicious code. Links to these compromised websites are blocked, even if those links are buried within the contents of a document.
Real-Time Spear Phishing and Cyber Fraud Defense — Barracuda Sentinel is a cloud service that utilizes AI to learn an organization’s communications history and prevent future spear phishing attacks. It combines three powerful layers: an artificial intelligence engine that stops spear phishing attacks in real time and identifies the most high-risk individuals inside the company; domain fraud visibility using DMARC authentication to guard against domain spoofing and brand hijacking; and fraud simulation training for high-risk individuals.