Halloween arrives as the nights get a little darker and the days that much shorter. Dating back two thousand years, Halloween’s roots are in the Celtic festival of Samhain, when 1st November marked the New Year. Celts believed that the night before was when the boundary between the worlds of the living and dead blurred and ghosts of the dead returned to earth to wreak havoc.
Whilst this tradition and belief might be long forgotten in today’s spooky party outfits, lit pumpkins and trick or treating sweets, the concept of forgotten ghosts coming back to haunt you is one that prevails in recent cyber threats:
Years-old MS Office feature weaponised in malspam attacks
Over the last couple of months there has been a lot of talk about Microsoft Office “features” that can be misused and weaponised by malicious actors. One of these, Dynamic Data Exchange (DDE), has been around for decades: it lets one application request data from another and push updates to it, and a Word field code can use it to launch that other application. Victims receive a seemingly innocuous bait document; when they open it, Word asks whether they want to update the document’s links, and then whether they want to start the application the link points to. Once they click through those two prompts, DDE runs the attacker’s command (typically cmd.exe or PowerShell fetching the payload), no macro required, and the malware sends a shiver down the spine of the hardiest of computers.
More widely, MS Office is being abused in both targeted and large-scale campaigns, with malware authors using a wide variety of techniques to execute malicious code. The DDE method is not new at all, but it is an example of how forgotten features can come back to haunt us.
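Because a DDE lure needs no macro, macro-focused mail filters miss it; the field code itself is what to look for. The following is an added example (not code from the original article or from its author) that scans a .docx package for DDE and DDEAUTO field codes, joining complex fields that are split across several runs and folding nested fields into their parent, which is how the 2017 lures hid the command. The document bodies below are constructed test input, not real samples, and the part names and helper names are my own.

```python
"""Scan a .docx for DDE / DDEAUTO field codes (added example, not the article's code)."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
FLD_SIMPLE, FLD_CHAR, INSTR_TEXT = (f"{{{W}}}{t}" for t in ("fldSimple", "fldChar", "instrText"))
ATTR_INSTR, ATTR_TYPE = f"{{{W}}}instr", f"{{{W}}}fldCharType"

# Field code tokens that switch Word into DDE client mode.
DDE_TOKEN = re.compile(r"\bDDE(?:AUTO)?\b", re.IGNORECASE)
# Package parts that may carry field codes (body, headers, footers, notes, comments).
FIELD_PARTS = re.compile(r"^word/(document|header\d*|footer\d*|footnotes|endnotes|comments)\.xml$")


def field_codes(part_xml: bytes) -> list[str]:
    """Return every top-level field code in one XML part, nested fields folded in.

    Word stores a field either as <w:fldSimple w:instr="..."/> or as a complex
    field: fldChar begin, one or more instrText runs, an optional fldChar
    separate (followed by the cached result text), then fldChar end. Malicious
    samples split the DDEAUTO command over many runs, so runs are joined first.
    """
    root = ET.fromstring(part_xml)
    codes = [el.get(ATTR_INSTR, "") for el in root.iter(FLD_SIMPLE)]
    stack: list[dict] = []  # one frame per currently open complex field
    for el in root.iter():  # document order
        if el.tag == FLD_CHAR:
            kind = el.get(ATTR_TYPE)
            if kind == "begin":
                stack.append({"code": [], "in_result": False})
            elif kind == "separate" and stack:
                stack[-1]["in_result"] = True  # what follows is the cached result
            elif kind == "end" and stack:
                code = "".join(stack.pop()["code"])
                if stack:
                    stack[-1]["code"].append(code)  # nested field: fold into parent
                else:
                    codes.append(code)
        elif el.tag == INSTR_TEXT and stack and not stack[-1]["in_result"]:
            stack[-1]["code"].append(el.text or "")
    return codes


def scan_docx(data: bytes) -> list[tuple[str, str]]:
    """Return (part name, whitespace-normalised field code) for each DDE field."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            if not FIELD_PARTS.match(name):
                continue
            for code in field_codes(pkg.read(name)):
                if DDE_TOKEN.search(code):
                    hits.append((name, " ".join(code.split())))
    return hits


def build_docx(body_xml: str) -> bytes:
    """Assemble a minimal .docx in memory. Constructed test input, not a real sample."""
    document = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<w:document xmlns:w="{W}"><w:body>{body_xml}</w:body></w:document>'
    )
    types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.'
        'openxmlformats-officedocument.wordprocessingml.document.main+xml"/></Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        pkg.writestr("[Content_Types].xml", types)
        pkg.writestr("word/document.xml", document)
    return buf.getvalue()


# Constructed bodies. The DDEAUTO one mirrors the shape of the malspam lures: the
# command is split across runs and the visible text is an innocuous prompt.
BENIGN_BODY = (
    '<w:p><w:r><w:t>Invoice 2017-10</w:t></w:r></w:p>'
    '<w:p><w:fldSimple w:instr=" PAGE "><w:r><w:t>1</w:t></w:r></w:fldSimple></w:p>'
)
DDEAUTO_BODY = (
    '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    r'<w:r><w:instrText xml:space="preserve"> DDEAUTO c:\\windows\\system32\\cmd.exe </w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">"/k calc.exe" </w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
    '<w:r><w:t>Please click Yes to update the document links.</w:t></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>'
)
NESTED_BODY = (  # DDEAUTO wrapped in a QUOTE field: only the outer field is reported
    '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> QUOTE </w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    r'<w:r><w:instrText xml:space="preserve"> DDEAUTO c:\\windows\\system32\\cmd.exe "/c calc.exe" </w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>'
)

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY), ("ddeauto", DDEAUTO_BODY), ("nested", NESTED_BODY)):
        print(label, scan_docx(build_docx(body)))
```

This only covers Office Open XML; legacy .doc and RTF carry the same field in a different container and need their own parser. It also matches the literal DDE/DDEAUTO token, so a lure that assembles the command from QUOTE character codes at render time would slip past; in a mail gateway the safer policy is to quarantine any document whose complex fields invoke a program path at all.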
The authors of destruction that refuse to go away
Just like Michael Myers, the authors of last week’s ransomware, BadRabbit, are refusing to give up. The ransomware is served from hacked websites as a fake Flash Player update; the victim has to run the bogus installer, which then drops the payload. At the time of writing, BadRabbit has failed to strike globally, with infections limited to Russia and Eastern Europe.
Companies shouldn’t rest on their laurels though. It could be that BadRabbit is quietly lurking in the corporate network, authoring a sequel worthy of the Scream franchise.
Locky and zombies – brothers in arms
Just like a zombie, Locky is the ransomware that we just can’t get rid of. Not unlike Jaws in the James Bond movies, every time it falls off the cliff it comes back bigger, stronger and more villainous than before.
And it’s not just Locky threatening businesses; Magniber is a new ransomware strain, distributed by the Magnitude exploit kit.
The growing number of ransomware families is scarier than Freddy Krueger, but the most fearful thing isn’t that the Nightmare on Elm Street franchise stretched over nine movies, it’s the rise in DIY ransomware. Typically coded by script kiddies, many of these samples are extremely unreliable, with buggy encryption or decryption routines, so unlike the professional ransomware there is no guarantee of getting your files back after paying the ransom.
Mac malware OSX.Proton strikes again
Proton was added to Apple’s XProtect definitions in early March, and not much was known about it at the time. Then, in May, one of the servers responsible for distributing the popular HandBrake software was hacked, resulting in the distribution of a Proton-infected copy of HandBrake for a four-day period.
In October we saw the hackers responsible for the Mac malware OSX.Proton rise again, this time infecting a copy of the Elmedia Player app that was distributed from the official Eltima website. It is still not known how long the website was serving the trojanised app.
Like Proton.B, Proton.C sought to exfiltrate the keychains and 1Password vaults containing user passwords and other sensitive information, and it was also capable of helping the attackers steal cryptocurrency from users.
Like ghosts, malware architects often lurk in dark corners, ready to pounce when you least expect it. Once they’ve found one vulnerability, they are primed and ready to exploit it over and over again.
To avoid this, organisations have to look at their security posture. Whilst it is a reality of today’s world that a business can never be 100 per cent secure, businesses have to prepare and seek to minimise the damage for when an incident does occur. Taking a multi-layered approach to security, using both anti-virus for traditional threats and anti-malware for the more advanced ones, will provide greater security and ensure that the ghosts of the past don’t come back to haunt you in the present.