More warnings are circulating about an ongoing malware campaign distributing the Astaroth malware using fileless and living-off-the-land techniques, which make the attack very hard for traditional, file-scanning antivirus products to spot.
Recently the malware slipped past the built-in Windows Defender antivirus and was only flagged to Microsoft's team once a sudden, large spike was detected in use of the Windows Management Instrumentation Command-line (WMIC) tool, a legitimate administration tool shipped with all modern versions of Windows.
The campaign consisted of a large spam operation sending emails with a link to a website hosting a .LNK shortcut file. If a user downloaded and ran this shortcut, its target launched the WMIC tool, which in turn ran a series of other legitimate Windows tools, one after another.
These tools download further stages and execute them solely in memory, so-called fileless execution, without writing a payload to disk. That leaves classic antivirus, which works by scanning files on disk, with nothing to scan. The only artefact that does touch the disk is the initial .LNK shortcut, which is why the chain of trusted processes, rather than any file, is what has to be detected.
Image: Microsoft
Eventually the Astaroth trojan, a known information stealer, is loaded. It can dump credentials from a wide range of applications and upload the stolen data to a remote server.
What's next?
The next step in the evolution of modern antivirus products is a shift away from classic file-signature detection.
What is required now is a behaviour-driven approach, often backed by machine learning, that detects "invisible" actions such as fileless (in-memory) execution and anomalous use of built-in tools like WMIC, rather than waiting for a malicious file to appear on disk.
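As an added example (not code from the original article, and not Microsoft's own detection logic), the two behaviours the article describes, a user-launched shortcut starting WMIC followed by a run of other built-in Windows tools, and a sudden fleet-wide spike in WMIC use, written as detection logic in Python over process-creation events. The sample log lines are constructed; the set of tools beyond WMIC, the one-minute window, the three-tool threshold and the hourly baseline are assumptions chosen for illustration and would be tuned against real telemetry (Sysmon event 1 or Windows event 4688).

```python
"""Behavioural detection of an Astaroth-style living-off-the-land chain.

Added example, not from the original article. Two checks:
1. wmic.exe spawned from a user-facing process (a double-clicked .LNK runs
   under explorer.exe) followed by other built-in tools within a short window.
2. A fleet-wide spike in wmic.exe launches per hour versus a baseline.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumption: which signed, built-in binaries count as living-off-the-land
# tools. The article names only WMIC; the others are common LOLBins added
# here for illustration.
LOLBINS = {
    "wmic.exe", "bitsadmin.exe", "certutil.exe", "regsvr32.exe",
    "rundll32.exe", "mshta.exe", "powershell.exe",
}

# Constructed sample telemetry (not real logs). WS01 shows a full chain,
# WS02 is an admin legitimately running wmic from a console, WS03-WS06 show
# only the first stage but together produce an hourly spike.
SAMPLE_LOG = """\
2019-07-08T09:15:02Z host=WS02 image=cmd.exe parent=explorer.exe
2019-07-08T09:15:10Z host=WS02 image=wmic.exe parent=cmd.exe
2019-07-08T10:00:05Z host=WS01 image=wmic.exe parent=explorer.exe
2019-07-08T10:00:09Z host=WS01 image=bitsadmin.exe parent=wmic.exe
2019-07-08T10:00:14Z host=WS01 image=certutil.exe parent=wmic.exe
2019-07-08T10:00:20Z host=WS01 image=regsvr32.exe parent=wmic.exe
2019-07-08T10:01:00Z host=WS01 image=notepad.exe parent=explorer.exe
2019-07-08T10:05:00Z host=WS03 image=wmic.exe parent=explorer.exe
2019-07-08T10:05:04Z host=WS03 image=bitsadmin.exe parent=wmic.exe
2019-07-08T10:07:31Z host=WS04 image=wmic.exe parent=explorer.exe
2019-07-08T10:09:12Z host=WS05 image=wmic.exe parent=explorer.exe
2019-07-08T10:11:45Z host=WS06 image=wmic.exe parent=explorer.exe
"""


def parse_events(text):
    """Parse 'TIMESTAMP key=value ...' lines into dicts sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ts, *fields = line.split()
        ev = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
        for field in fields:
            key, value = field.split("=", 1)
            # Image names are case-insensitive on Windows; normalise them.
            ev[key] = value.lower() if key in ("image", "parent") else value
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def find_lolbin_chains(events, window=timedelta(seconds=60), min_tools=3):
    """Return (host, [tools]) for each wmic.exe launched from explorer.exe that
    was followed, within `window`, by at least `min_tools` distinct LOLBins
    (counting wmic itself). Per-host ordering is enough here; a real rule
    would also walk the parent/child process tree."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)

    findings = []
    for host, evs in by_host.items():
        for i, ev in enumerate(evs):
            if ev["image"] != "wmic.exe" or ev["parent"] != "explorer.exe":
                continue
            chain = [ev["image"]]
            for later in evs[i + 1:]:
                if later["ts"] - ev["ts"] > window:
                    break
                if later["image"] in LOLBINS and later["image"] not in chain:
                    chain.append(later["image"])
            if len(chain) >= min_tools:
                findings.append((host, chain))
    return findings


def wmic_spikes(events, baseline_per_hour=1.0, factor=3.0):
    """Count wmic.exe launches per hour across all hosts and return the
    (hour, count) pairs exceeding `factor` times the expected baseline.
    The baseline is an assumed figure; derive it from history in practice."""
    per_hour = Counter(
        ev["ts"].replace(minute=0, second=0)
        for ev in events if ev["image"] == "wmic.exe"
    )
    return sorted((h, n) for h, n in per_hour.items() if n > factor * baseline_per_hour)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for host, chain in find_lolbin_chains(evs):
        print(f"[chain] {host}: {' -> '.join(chain)}")
    for hour, count in wmic_spikes(evs):
        print(f"[spike] {hour:%Y-%m-%d %H:00}: {count} wmic.exe launches")
```

On the constructed data only WS01 trips the chain rule (WS03 stops at two tools and the console-launched wmic on WS02 is ignored because its parent is cmd.exe), while the 10:00 hour trips the spike rule with five launches against an assumed baseline of one per hour. Neither rule looks at a file hash, which is the point: both fire on what the legitimate binaries did, not on what was written to disk.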