A researcher recently discovered an info-stealer -- dubbed Vidar -- that is a part of a multi-payload and ongoing malvertising attack that also distributes GandCrab ransomware. How does this double attack work? Who is a target for the attack and how can it be mitigated?
Malware infections haven't changed much over time, even with the introduction of fileless malware: in every case the attacker must get the endpoint to run malicious code before the attack can proceed to its next step. That next step can take many different forms, including downloading the next-stage malware or even multiple pieces of malicious code, depending on the attacker and the malware used.
Security controls may also be disabled. Malware attacks run the gamut -- from ransomware and information stealers to password stealers and DDoS bots. Furthermore, these functions can be split into separate components, allowing the attacker to generate new versions or update individual components without affecting how the other malicious code operates.
For enterprises with low risk tolerances, running any unapproved code -- much less malicious code -- is cause for alarm. When an attack like this occurs, it must be thoroughly investigated to determine what happened on the endpoint and what vulnerabilities were created as a result.
A recent malvertising attack campaign -- in which an online advertisement could infect a viewer's computer with malware -- launched a two-pronged intrusion, using Vidar as an information stealer and GandCrab as ransomware. The campaign used both pieces of malware in a bid to potentially monetize access to the endpoint.
The malvertising campaign has been observed on torrent and streaming video sites. Vidar is engineered to exclude endpoints located in Russia, Belarus, Uzbekistan, Kazakhstan and Azerbaijan.
Mitigating a malvertising attack calls for implementing standard endpoint security controls. In addition, Malwarebytes has published indicators of compromise for this campaign that affected organizations should review as they deal with the prospect of a double attack.