Last fall, Kaspersky Lab experts discovered new BlueNoroff traps aimed at startup employees: 70 fake domains mimicking well-known venture capital funds and banks, mostly Japanese but also American, Vietnamese and UAE ones. The attackers are also experimenting with new file types to get their malware onto target systems.
According to the attackers' scheme, the malware is contained in a .doc file posing as a contract from a client. Opening the file infects the device immediately; from then on the attackers can track all daily transactions and plan their theft. The moment an employee of the infected company tries to transfer a large amount of cryptocurrency, the attackers interfere with the transaction, replace the recipient's address and raise the transfer limit, draining the account in an instant.
Members of the BlueNoroff cyber group are actively experimenting with new malware delivery methods using file types they had not used before: Visual Basic Script, Windows Batch files and Windows executables. The attackers have also learned to bypass the Mark-of-the-Web (MoTW) feature. MoTW is a special marking that Windows attaches to a file downloaded from the Internet and checks when a user tries to open it; Microsoft Office, for example, opens documents marked with MoTW in a special protected mode. But not every file receives the mark. To get around this barrier, many cyber groups have started embedding their malware in disk images (ISO files), whose contents are extracted without the mark.
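For a defender triaging a suspicious attachment, the mark is visible as the NTFS alternate data stream `Zone.Identifier`. The following added example (not code from the article or from Kaspersky) parses that stream and flags files that carry no mark at all, which is exactly what a file pulled out of an ISO looks like; the stream name is real, the sample content and the verdict strings are constructed for this example.

```python
import sys
from typing import Optional

# Windows URL security zones as recorded in the ZoneId field.
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}


def parse_zone_identifier(text: str) -> dict:
    """Parse the INI-style body of a Zone.Identifier stream, e.g.
    [ZoneTransfer] / ZoneId=3 / ReferrerUrl=... / HostUrl=...
    Only keys inside the [ZoneTransfer] section are returned."""
    result = {}
    in_section = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "zonetransfer"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            result[key.strip()] = value.strip()
    if "ZoneId" in result and result["ZoneId"].isdigit():
        result["ZoneId"] = int(result["ZoneId"])
    return result


def read_motw(path: str) -> Optional[dict]:
    """Return the parsed Zone.Identifier stream of `path`, or None if absent.
    The stream only exists on NTFS under Windows; a file extracted from an
    ISO/VHD image (or any non-NTFS location) has none, so open() fails."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8",
                  errors="replace") as stream:
            return parse_zone_identifier(stream.read())
    except OSError:
        return None


def classify(motw: Optional[dict]) -> str:
    """Turn a parsed stream into a verdict a triage script can act on."""
    if motw is None:
        return "no MoTW: unknown origin, possible container (ISO) bypass"
    zone = motw.get("ZoneId")
    if isinstance(zone, int) and zone >= 3:
        return f"MoTW zone {zone} ({ZONE_NAMES.get(zone, 'unknown')}): " \
               "downloaded, Office protected view applies"
    return f"MoTW zone {zone}: treated as locally trusted"


if __name__ == "__main__":
    for p in sys.argv[1:]:  # usage: python motw_check.py contract.doc
        print(p, "->", classify(read_motw(p)))
```

Run it on Windows against the files of a mounted or extracted image to see that every one of them reports "no MoTW", while the same .doc saved by a browser reports zone 3.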
Experts believe this year could see a cyber epidemic on an unprecedented scale, surpassing WannaCry. Attackers are constantly testing and analyzing new, more advanced tools, so companies need to pay special attention to improving their information security.