Stop Worrying and Start Isolating – Bumblebee is Back
By BUFFERZONE Team, 19/02/2024
Target: IT Professionals (Elementary)
Tags: Phishing, Safe Workspace®, Safe Browsing, NoCloud ™ Anti-Phishing
After a hiatus of four months, the Bumblebee malware has resumed its activities, launching phishing campaigns against numerous U.S. organizations, according to detections by Proofpoint [1].
First identified in April 2022, Bumblebee is recognized as a malware loader, crafted by the cybercrime groups Conti and Trickbot as an alternative to the BazarLoader backdoor.
This malware is frequently propagated through phishing efforts, deploying extra malicious payloads like Cobalt Strike beacons on compromised systems to facilitate initial access to networks and execute ransomware assaults.[2]
The recent phishing (lure) operation leveraging the Bumblebee malware masquerades as voicemail notifications under the “Voicemail February” theme. These emails were sent to a multitude of U.S. organizations from “info@quarlessa[.]com.” The messages include a OneDrive link that directs recipients to download a Word document with a name like “ReleaseEvans#96.docm” or a similar title, which falsely presents itself as a communication from the consumer electronics brand hu.ma.ne, renowned for its AI-enabled pin. The document uses macros to create a script file in the Windows temporary directory and then runs that file through “wscript.”
The script file harbors a PowerShell command designed to retrieve and activate further instructions from an external server. This process leads to the download and activation of the Bumblebee Dynamic Link Library (DLL), named “w_ver.dll,” on the targeted system.
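One way to detect the process chain described above (Word document, script in the temporary directory run by wscript, then PowerShell), added here as an example and not taken from BUFFERZONE or Proofpoint. It assumes process-creation telemetry with pid, ppid, image and command-line fields, and that wscript appears as a direct child of WINWORD.EXE; all sample events are constructed.

```python
import ntpath
import re

# Matches script paths under a user's or the system temporary directory.
TEMP_RE = re.compile(r"\\(appdata\\local\\temp|windows\\temp)\\", re.I)

def name(event):
    """Lower-cased executable file name of a process-creation event."""
    return ntpath.basename(event["image"]).lower()

def find_chains(events):
    """Return (word_pid, wscript_pid, [powershell_pids]) for each
    WINWORD.EXE -> wscript.exe (script in Temp) -> powershell.exe chain."""
    by_pid = {e["pid"]: e for e in events}
    chains = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if (name(e) == "wscript.exe" and parent is not None
                and name(parent) == "winword.exe" and TEMP_RE.search(e["cmd"])):
            shells = [c["pid"] for c in events
                      if c["ppid"] == e["pid"] and name(c) == "powershell.exe"]
            chains.append((parent["pid"], e["pid"], shells))
    return chains

# Constructed sample events (Sysmon Event ID 1 style fields). Paths, PIDs and
# the script file name are invented for illustration, not taken from the page.
EVENTS = [
    {"pid": 4100, "ppid": 900,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmd": r'WINWORD.EXE /n "C:\Users\alice\Downloads\ReleaseEvans#96.docm"'},
    {"pid": 4200, "ppid": 4100, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Users\alice\AppData\Local\Temp\constructed_name.vbs"'},
    {"pid": 4300, "ppid": 4200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe <command elided>"},
    # Benign look-alikes that must not match:
    {"pid": 5100, "ppid": 900, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Users\alice\AppData\Local\Temp\logon.vbs"'},  # parent is not Word
    {"pid": 5200, "ppid": 4100, "image": r"C:\Windows\splwow64.exe",
     "cmd": "splwow64.exe 8192"},  # Word child, but not a script host
]

if __name__ == "__main__":
    for word, script, shells in find_chains(EVENTS):
        print(f"ALERT: WINWORD pid {word} -> wscript pid {script} -> powershell {shells}")
```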
Staying Safe in the Digital World
To combat this threat, individuals and organizations must adopt preventive security measures. This includes educating employees about the signs of phishing emails, implementing advanced security solutions, and regularly updating systems to patch vulnerabilities. However, 92% of the attacks start with phishing attacks targeting the human factor. Moreover, this attack is not a regular phishing attack but rather a lure to download the next phase of the attack.
This is why we created the BUFFERZONE® Safe Workspace® suite of zero-trust solutions, whose strategic concept is Protection by containment™. The suite consists of Safe Mail, NoCloud™ Artificial Intelligence (AI) Anti-Phishing, SafeBridge® Content Disarm and Reconstruction (CDR), and Safe Browser, a secure browsing solution.
Safe Mail is a Microsoft Outlook plugin that uses BUFFERZONE® SafeBridge® to apply CDR to emails and to open links and attachments securely inside a BUFFERZONE® secure virtual container. The BUFFERZONE® container isolates the browsing and file activity while keeping your computer safe from evasive attacks. In the Bumblebee example, the lure link will be opened inside our container, and the downloaded file will be isolated and impossible to execute. As a result, it stops the next step of the attack and minimizes security breaches caused by the human factor.
Conclusion
The rise of the Bumblebee is a stark reminder of the importance of cybersecurity in the modern era. As cyber threats evolve, staying informed and prepared is our best defense against these digital dangers. By isolating threats and adding prevention capabilities to your existing detection solution, the organization achieves the highest level of security and keeps IT simple.
References
[1] https://www.proofpoint.com/us/blog/threat-insight/bumblebee-buzzes-back-black