A researcher recently discovered an info-stealer -- dubbed Vidar -- that is a part of a multi-payload and ongoing malvertising attack that also distributes GandCrab ransomware. How does this double attack work? Who is a target for the attack and how can it be mitigated?
Malware infections haven't changed much over time, even taking into consideration the introduction of fileless malware, in which the software needs to get the endpoint to run malicious code in order for it to proceed to the next step in the attack. The next step can take many different forms, including downloading the next-stage malware or even multiple pieces of malicious code, depending on the attacker and the malware used.
Security controls on the endpoint may also be disabled along the way. Malware payloads run the gamut -- from ransomware and information stealers to password stealers or a DDoS bot. Furthermore, these functionalities can be split into separate components, allowing the attacker to generate new versions or update individual components without affecting how the rest of the malicious code operates.
For enterprises with low risk tolerances, running any unapproved code -- much less malicious code -- is cause for alarm. When an attack like this occurs, it must be thoroughly investigated to determine what happened on the endpoint and what vulnerabilities were created as a result.
A recent malvertising attack campaign -- in which an online advertisement could infect a viewer's computer with malware -- launched a two-pronged intrusion, using Vidar as an information stealer and GandCrab as ransomware. The campaign used both pieces of malware in a bid to potentially monetize access to the endpoint.
Malvertising attack software has been found on Torrent and streaming video sites. The Vidar software is engineered to exclude endpoints located in Russia, Belarus, Uzbekistan, Kazakhstan and Azerbaijan.
Malvertising attack mitigation calls for the implementation of standard endpoint security controls. In addition, Malwarebytes released indicators of compromise for the campaign that affected organizations should check for as they move to deal with the prospect of double attacks.
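One practical way to act on a published indicator list is to match it against endpoint telemetry you already collect. The script below is an added example and is not code from the original article or from Malwarebytes; the indicator values, the "type,value" list format, the DNS log format and the per-host hash inventory are all constructed placeholders, and in practice you would load the vendor's published list and your own logs instead. It reports which hosts queried a listed domain (or a subdomain of it) and which hosts hold a file whose SHA-256 matches a listed hash, which is the triage step needed to decide whether an endpoint must be investigated for both the info-stealer and the ransomware stage.

```python
"""Match a published indicator-of-compromise (IoC) list against endpoint telemetry.

Added example, not from the original article. All indicator values and log
lines below are CONSTRUCTED placeholders; replace them with the vendor's
published list and your own DNS logs / file inventory.
"""
import re
from collections import defaultdict

# Constructed IoC list in an assumed "type,value" line format (comments allowed).
IOC_TEXT = """\
# type,value
domain,ads-redirect.example
domain,payload-cdn.example
sha256,0000000000000000000000000000000000000000000000000000000000000001
sha256,0000000000000000000000000000000000000000000000000000000000000002
"""

# Constructed DNS resolver log: "<timestamp> <host> query <rrtype> <name>".
DNS_LOG = """\
2019-01-10T10:00:01Z host-07 query A www.example.org
2019-01-10T10:00:04Z host-07 query A payload-cdn.example
2019-01-10T10:00:05Z host-12 query A cdn.example.net
2019-01-10T10:00:09Z host-12 query A tracking.ads-redirect.example
2019-01-10T10:00:11Z host-21 query A www.example.org
"""

# Constructed per-host inventory of SHA-256 hashes of recently written executables.
FILE_HASHES = {
    "host-07": {"0000000000000000000000000000000000000000000000000000000000000002",
                "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"},
    "host-12": {"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"},
    "host-21": {"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd"},
}

DNS_LINE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+\w+\s+(\S+)$")


def parse_iocs(text):
    """Return {"domain": set(...), "sha256": set(...)} from the indicator text."""
    iocs = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, value = line.split(",", 1)
        # Normalise so that case differences in logs do not hide a match.
        iocs[kind.strip().lower()].add(value.strip().lower().rstrip("."))
    return iocs


def domain_matches(name, listed_domains):
    """True if name equals a listed domain or is a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in listed_domains)


def scan_dns(log_text, iocs):
    """Return [(host, queried_name)] for queries hitting a listed domain."""
    hits = []
    for line in log_text.splitlines():
        m = DNS_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than failing the whole scan
        _ts, host, name = m.groups()
        if domain_matches(name, iocs["domain"]):
            hits.append((host, name))
    return hits


def scan_hashes(inventory, iocs):
    """Return [(host, sha256)] for files whose hash is on the indicator list."""
    return [(host, h) for host, hashes in inventory.items()
            for h in sorted(hashes) if h.lower() in iocs["sha256"]]


def hosts_to_investigate(log_text, inventory, ioc_text):
    """Map each host with at least one hit to the indicators it matched."""
    iocs = parse_iocs(ioc_text)
    matched = defaultdict(set)
    for host, name in scan_dns(log_text, iocs):
        matched[host].add("dns:" + name)
    for host, h in scan_hashes(inventory, iocs):
        matched[host].add("sha256:" + h)
    return dict(matched)


if __name__ == "__main__":
    for host, indicators in sorted(hosts_to_investigate(DNS_LOG, FILE_HASHES, IOC_TEXT).items()):
        print(host, sorted(indicators))
```

Hosts that appear in the output need a full investigation of the endpoint, not just removal of the matched file, because a hit on the first-stage domain means the next-stage payloads may already have run.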