New Attack with the Same Story – The Need for Zero-Trust File Security
By BUFFERZONE Team, 11/01/2024
Target: IT Professionals
Tags: Malware, Ransomware, Zero-Trust, Safe Workspace™, Safe Browsing
A recent phishing scheme has been detected using a Russian-language Microsoft Word document as a vehicle to distribute malware. This malware, targeting Windows systems,
is designed to steal sensitive data, as reported by The Hacker News.
The operation is linked to a group known as Konni, which has connections with a North Korean faction identified as Kimsuky (also known as APT43).
The campaign employs a remote access trojan (RAT) that can both gather data and control infected devices. This cyber espionage group, known for its focus on Russia, typically
initiates its attacks via spear-phishing emails and harmful documents. The document’s Visual Basic for Applications (VBA) macro, once enabled, triggers an intermediate batch script.
This script conducts system checks and bypasses User Account Control (UAC), setting the stage for the introduction of a DLL file. This file is equipped for both data collection and extraction.
The malicious payload features a UAC bypass mechanism and secure communication with a command-and-control (C2) server. This allows the attackers to carry out high-level commands remotely.
Macro Based Attacks – What can we do?
The combination of lure (phishing) content and macro is one of the most common attack vectors that keeps hitting organizations. The method is so successful that although everyone knows
about it, it still works. The problem starts with our existing security controls, which are based on detection.
Malware detection has advanced significantly with the introduction of Artificial Intelligence (AI); however, it is not 100% effective, and organizations remain at risk.
At BUFFERZONE®, we advocate for IT solutions that are both straightforward and impactful. That is why we have introduced an alternative approach centered on zero-trust malware
prevention. Unlike traditional security models that depend on detection and inherently involve a degree of trust, our method introduces two key innovations.
The first is our patented isolation technology, which creates a secure barrier between potential threats and the system. The second is our pioneering zero-trust file security feature,
known as Content Disarm and Reconstruction. This approach ensures a robust and preemptive stance against cybersecurity threats, aligning with our commitment to simplicity
and effectiveness in IT security.
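The disarm-and-reconstruct idea, sketched for macro-enabled Word OOXML files (.docm) as an added example; it is not BUFFERZONE's implementation or code from the original post. The package is rebuilt from scratch and VBA parts are never copied, regardless of whether any scanner flags them. The function names and the sample document are constructed for illustration, and legacy binary .doc files and other kinds of active content are out of scope.

```python
import io
import re
import zipfile

# Parts and XML elements that carry or reference a VBA project in Word OOXML packages.
VBA_PART = re.compile(r"(^|/)vba(Project|Data)[^/]*$", re.I)
VBA_ELEMENT = re.compile(rb"<(Override|Default|Relationship)\b[^>]*vba(Project|Data)[^>]*/>", re.I)
MACRO_MAIN = b"application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = b"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"

def disarm_word_ooxml(data: bytes):
    """Rebuild the package without VBA parts; return (clean_bytes, removed_parts)."""
    src = zipfile.ZipFile(io.BytesIO(data))
    removed = [n for n in src.namelist() if VBA_PART.search(n)]
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if name in removed:
                continue  # never copied, so the macro cannot survive reconstruction
            body = src.read(name)
            if name == "[Content_Types].xml":
                # Drop the VBA declarations and mark the main part as macro-free.
                body = VBA_ELEMENT.sub(b"", body).replace(MACRO_MAIN, PLAIN_MAIN)
            elif name.endswith(".rels"):
                body = VBA_ELEMENT.sub(b"", body)  # drop the dangling relationship
            dst.writestr(name, body)
    return out.getvalue(), removed

def build_sample_docm() -> bytes:
    """Constructed, harmless stand-in for a macro-enabled document (placeholder bytes)."""
    parts = {
        "[Content_Types].xml": b'<Types><Override PartName="/word/document.xml" ContentType="'
        + MACRO_MAIN + b'"/><Override PartName="/word/vbaProject.bin" '
        b'ContentType="application/vnd.ms-office.vbaProject"/></Types>',
        "word/document.xml": b"<w:document/>",
        "word/_rels/document.xml.rels": b'<Relationships><Relationship Id="rId1" Type="http://'
        b'schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
        b"</Relationships>",
        "word/vbaProject.bin": b"PLACEHOLDER-NOT-A-REAL-VBA-PROJECT",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    clean, removed = disarm_word_ooxml(build_sample_docm())
    print("removed:", removed, "| kept:", zipfile.ZipFile(io.BytesIO(clean)).namelist())
```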
BUFFERZONE® Safe Workspace™ for endpoints provides robust protection against all forms of downloaded and attached malware. By creating a controlled environment,
Safe Workspace™ effectively contains and neutralizes potential threats before they can cause any damage. This advanced security solution alleviates organizations’ constant
worry about threats such as USB-borne attacks, file-less malware, ransomware, and widespread phishing attempts.
BUFFERZONE® creates two distinct zones: a virtual trusted zone and an untrusted zone. Within the untrusted zone, users can freely browse the internet, open Microsoft Outlook
links and attachments, and access removable media such as USBs. Meanwhile, the trusted zone remains securely isolated and is a gateway to the organization’s secure content.
Keep your IT simple and effective
Contact us for more details.