Malicious Business Email Campaign Uses Google Cloud Storage to Target Banks and Financial Services Companies

Researchers at Menlo Labs have spotted and tracked a new campaign aimed at tricking US and UK firms into downloading Houdini malware.

It’s no surprise that cybercriminals are going where the money is – in this case, literally. A campaign that has been running since August of this year has been identified seeking to compromise endpoints using a combination of tactics:

  • Reputation Jacking – all of the files were hosted on Google’s Cloud (.googleapis.com). This use of well-known, popular hosting services helps to avoid detection. (According to Menlo Labs’ most recent Annual State of the Web Report, 4,600 phishing sites used legitimate hosting services.)
  • Archived Files – the files linked to in these campaigns were zip or gz archive files, further obfuscating the payload.
  • Links over Attachments – links to Google’s Cloud Storage (and other reputable sites) are less likely to be flagged as suspicious than an attachment that can be scanned locally.
  • Scripting – .vbs and .jar files were used as droppers.
  • Script Obfuscation – all of the scripts were obfuscated three levels via VBScript.
  • Contextual filenames – because financial institutions were the targets, names like “remittance invoice” and “transfer invoice” were used.
  • Socially Engineered – traditional social engineering tactics, specific recipients, and requests appropriate for their role were used.

The end goal of the attack was to install a remote access trojan (RAT) from the Houdini/jRAT malware family to take control of the endpoint, likely to gain access to internal financial applications.
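
As an added example (not from Menlo Labs or the original article), the sketch below turns the hosting, archive, dropper and filename tactics listed above into a mail-triage check. The keyword list, the scoring and all function names are assumptions, and the sample URLs and zip are constructed.

```python
import io
import zipfile
from urllib.parse import urlparse, unquote

# Assumptions for this example: scoring is one point per matched tactic and the
# keyword list is taken from the two example filenames quoted in the article.
CLOUD_SUFFIX = ".googleapis.com"                    # hosting domain named in the article
ARCHIVE_EXTS = (".zip", ".gz")                      # archive types named in the article
DROPPER_EXTS = (".vbs", ".jar")                     # dropper types named in the article
LURE_WORDS = ("remittance", "transfer", "invoice")  # finance-themed lure words


def score_link(url):
    """Return (score, reasons) for one URL extracted from an inbound email."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    # Decode %20 etc. so "remittance%20invoice.zip" matches the keyword list.
    name = unquote(parsed.path).rsplit("/", 1)[-1].lower()
    reasons = []
    if host.endswith(CLOUD_SUFFIX):
        reasons.append("hosted on googleapis.com")
    if name.endswith(ARCHIVE_EXTS):
        reasons.append("archive download")
    if any(word in name for word in LURE_WORDS):
        reasons.append("finance-themed filename")
    return len(reasons), reasons


def script_members(zip_bytes):
    """List zip members with a dropper extension (.gz needs separate handling)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(DROPPER_EXTS)]


def build_sample_zip(names):
    """Build a harmless in-memory zip with empty members (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, "")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample URLs; "example-bucket" is a placeholder name.
    for u in ("https://storage.googleapis.com/example-bucket/remittance%20invoice.zip",
              "https://storage.googleapis.com/example-bucket/logo.png"):
        print(u, score_link(u))
    print(script_members(build_sample_zip(["Transfer Invoice.vbs", "readme.txt"])))
```

A link that matches all three URL checks, or an archive containing a script member, is a candidate for quarantine or analyst review rather than proof of compromise.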

As attackers use more and more sophisticated attacks like the one outlined above, it’s important to focus on the one part of the equation that hasn’t changed – the attack requires a user. Without someone falling for the scam, this attack is powerless.

Organizations consistently putting their users through Security Awareness Training have a better chance of avoiding becoming a victim to scams like this. With educated users completely aware of the tactics used by cybercriminals, what to look for, and how to spot a malicious email, the likelihood of them falling prey to an attack is significantly reduced.

