grandeduc - Fotolia
A researcher recently discovered an info-stealer -- dubbed Vidar -- that is a part of a multi-payload and ongoing malvertising attack that also distributes GandCrab ransomware. How does this double attack work? Who is a target for the attack and how can it be mitigated?
Malware infections haven't changed much over time, even taking into consideration the introduction of fileless malware, in which the software needs to get the endpoint to run malicious code in order for it to proceed to the next step in the attack. The next step can take many different forms, including downloading the next-stage malware or even multiple pieces of malicious code, depending on the attacker and the malware used.
Security controls may also be disabled. Malware attacks run the gamut -- from ransomware and information stealers to password stealers or a DDoS bot. Furthermore, these functionalities can be split into pieces, allowing the hacker to generate new versions or update individual components without affecting how the other malicious code operates.
For enterprises with low risk tolerances, running any unapproved code -- much less malicious code -- is cause for alarm. When an attack like this occurs, it must be thoroughly investigated to determine what happened on the endpoint and what vulnerabilities were created as a result.
A recent malvertising attack campaign -- in which an online advertisement could infect a viewer's computer with malware -- launched a two-pronged intrusion, using Vidar as an information stealer and GandCrab as ransomware. The campaign used both pieces of malware in a bid to potentially monetize access to the endpoint.
Malvertising attack software has been found on Torrent and streaming video sites. The Vidar software is engineered to exclude endpoints located in Russia, Belarus, Uzbekistan, Kazakhstan and Azerbaijan.
Malvertising attack mitigation calls for the implementation of standard endpoint security protocols. In addition, the website Malwarebytes released indicators that compromised companies should be aware of as they move to deal with the prospect of double attacks.
Dig Deeper on Endpoint protection and client security
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading