MS macro-blocking has forced cyber criminals to innovate | Computer Weekly
Summary
Proofpoint said that by the simple method of adding more friction, threat actors across the spectrum – from small-time players to experienced cyber criminal ransomware gangs – have had to make major changes to how they conduct “business”.

“Financially motivated threat actors that gain initial access via email are no longer using static, predictable attack chains, but rather dynamic, rapidly changing techniques,” wrote Larson and Wise in a newly published whitepaper. “Based on Proofpoint’s … telemetry analysing billions of messages per day, [we] have observed widespread threat actor experimentation in malware payload delivery, using old file types, unexpected attack chains, and a variety of techniques that result in malware infections, including ransomware.”

According to Larson and Wise, threat actors are still testing various behaviours to try to find the most effective method of using email to gain initial access, and no reliable, consistent alternative to macros has yet emerged.

One of the largest cyber crime actors to start using PDF files is TA570, an active affiliate of the Qbot aka Qakbot trojan malware that has been linked to the ProLock and Egregor ransomwares.

Larson and Wise believe this trend will continue for the foreseeable future, and assessed it is unlikely a single attack chain or series of techniques will emerge that remains consistent – or has the same staying power as macro exploitation once did.