We've long known developers of cyberattacks to be crafty and to focus a lot of energy on obfuscation, but a new attack can shift gears midstream, delivering just the right malware.
If you travel enough by plane, eventually you'll have a really good idea of what can go wrong while en route and plan accordingly to pack the right things you may need (e.g., battery pack, charging cable, pillow, headphones, etc.). It's just human nature: you know the outcome you want, are aware of the variables, and take actions proactively to ensure as positive an outcome as possible.
A new attack identified by security analysts at HP Wolf Security, described in their Q3 Threat Insights Report, highlights a very sophisticated attack that feels a bit like these attackers have been through this before and have taken precautions to be able to change the focus of an attack based on what they encounter in a victim organization.
According to the report, the attack starts with a simple malicious Word document, but quickly becomes a complex mix of PowerShell scripts designed to facilitate the downloading of components from different remote web servers used throughout the campaign, allowing attackers to change out payloads easily mid-campaign or even mid-attack.
This modular approach empowers initial access brokers to use the same attack method, but install a RAT for one customer, ransomware for another, and Cobalt Strike Beacon for yet another. This is dangerous territory, when threat actors have "options". It's all the more reason we need to make sure that their initial attack, a Word document sent as an attachment, isn't opened; something taught to users through continual Security Awareness Training.