Privacy Ninja

Microsoft Build Tool Abused To Deliver Password-stealing Malware

Threat actors are abusing the Microsoft Build Engine (MSBuild) to deploy remote access tools (RATs) and information-stealing malware filelessly as part of an ongoing campaign.

MSBuild (msbuild.exe) is a legitimate and open-source Microsoft development platform, similar to the Unix make utility, for building applications.

This development tool can build an application on any Windows system that has the .NET Framework, provided it is given an XML project file (.proj, .csproj and similar) describing how to automate the build process: compilation, packaging, testing, and deployment. A project file can also carry an inline task, a fragment of C# or Visual Basic that MSBuild compiles and runs inside its own process during the build, which is what lets code carried inside a project file execute at all.

As Anomali’s Threat Research team observed, the malicious MSBuild project files delivered in this campaign bundled encoded executables and shellcode the threat actors used for injecting the final payloads into the memory of newly spawned processes.

“While we were unable to determine the distribution method of the .proj files, the objective of these files was to execute either Remcos or RedLine Stealer,” Anomali intelligence analysts Tara Gould and Gage Mele said.
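A first triage step for a suspect .proj is to list its inline tasks and look for signs that the embedded code is a loader rather than build logic. The script below is an added example for this article; it is not Anomali's tooling and not code from the campaign. It parses a project file with the standard library, collects every UsingTask that uses a code task factory, and flags Win32 or .NET API names and long base64 runs inside the task body. The API list and the size threshold are assumed heuristics, and both sample projects are constructed here with placeholder data (the "loader" sample declares the APIs and decodes a dummy blob but does nothing with it).

```python
"""Static triage of an MSBuild project file for inline-task loaders (added example)."""
import re
import xml.etree.ElementTree as ET

MSBUILD_NS = "http://schemas.microsoft.com/developer/msbuild/2003"
# Task factories that compile and run code embedded in the project file.
CODE_FACTORIES = {"CodeTaskFactory", "RoslynCodeTaskFactory"}
# Assumed heuristic list: APIs a build step has no business calling.
LOADER_APIS = (
    "VirtualAlloc", "VirtualAllocEx", "WriteProcessMemory", "CreateThread",
    "CreateRemoteThread", "ResumeThread", "Marshal.Copy", "Assembly.Load",
    "FromBase64String",
)
# A run of 200+ base64 characters is unusual in genuine build logic.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")


def _local(tag: str) -> str:
    """Strip the XML namespace: '{ns}UsingTask' -> 'UsingTask'."""
    return tag.rsplit("}", 1)[-1]


def find_inline_tasks(project_xml: str) -> list:
    """Return one finding per inline task, regardless of namespace or nesting."""
    root = ET.fromstring(project_xml)
    findings = []
    for node in root.iter():
        if _local(node.tag) != "UsingTask":
            continue
        factory = node.get("TaskFactory", "")
        if factory not in CODE_FACTORIES:
            continue
        code_nodes = [c for c in node.iter() if _local(c.tag) == "Code"]
        code = "".join(c.text or "" for c in code_nodes)
        findings.append({
            "task": node.get("TaskName"),
            "factory": factory,
            "language": code_nodes[0].get("Language", "cs") if code_nodes else None,
            "apis": sorted(api for api in LOADER_APIS if api in code),
            "base64_chars": sum(len(run) for run in B64_RUN.findall(code)),
        })
    return findings


def is_suspicious(finding: dict) -> bool:
    """Assumed threshold: any loader API, or 1 KiB or more of base64 in the task."""
    return bool(finding["apis"]) or finding["base64_chars"] >= 1024


# Constructed sample: an inline task that declares injection APIs and embeds a
# dummy blob ("QUFB" repeated, i.e. base64 of "AAA..."). Not a real payload.
LOADER_PROJECT = """<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="Build">
    <Stage />
  </Target>
  <UsingTask TaskName="Stage" TaskFactory="CodeTaskFactory"
             AssemblyFile="$(MSBuildToolsPath)\\Microsoft.Build.Tasks.v4.0.dll">
    <Task>
      <Code Type="Class" Language="cs"><![CDATA[
        using System;
        using System.Runtime.InteropServices;
        using Microsoft.Build.Utilities;
        public class Stage : Task {
            static string blob = "__BLOB__";
            [DllImport("kernel32")] static extern IntPtr VirtualAlloc(IntPtr a, uint s, uint t, uint p);
            [DllImport("kernel32")] static extern IntPtr CreateThread(IntPtr a, uint s, IntPtr st, IntPtr p, uint f, IntPtr id);
            public override bool Execute() { byte[] b = Convert.FromBase64String(blob); return true; }
        }
      ]]></Code>
    </Task>
  </UsingTask>
</Project>
""".replace("__BLOB__", "QUFB" * 400)

# Constructed sample: a legitimate inline task that only logs a message.
BENIGN_PROJECT = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <UsingTask TaskName="Hello" TaskFactory="CodeTaskFactory"
             AssemblyFile="$(MSBuildToolsPath)\\Microsoft.Build.Tasks.v4.0.dll">
    <Task>
      <Code Type="Fragment" Language="cs"><![CDATA[
        Log.LogMessage(MessageImportance.High, "build step ran");
      ]]></Code>
    </Task>
  </UsingTask>
  <Target Name="Build"><Hello /></Target>
</Project>
"""

if __name__ == "__main__":
    for name, project in (("loader", LOADER_PROJECT), ("benign", BENIGN_PROJECT)):
        for finding in find_inline_tasks(project):
            print(name, finding, "SUSPICIOUS" if is_suspicious(finding) else "ok")
```

The namespace handling matters in practice: classic project files carry the 2003 namespace shown above, while SDK-style projects omit it, and a scanner that only matches one form misses the other.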


Focused on stealing credentials and other sensitive info

The attackers started pushing Remcos RAT, Quasar RAT, and RedLine Stealer payloads onto their victims’ computers last month in attacks that were still active Tuesday, two days before Anomali unveiled their research.

Once the RATs are installed on a targeted system, they can be used to harvest keystrokes, credentials, and screen snapshots, disable anti-malware software, gain persistence, and fully take over the devices remotely.

On computers where the attackers deployed the info stealer, the malware will scan for web browsers, messaging apps, and VPN and cryptocurrency software to steal user credentials.

RedLine can also collect and exfiltrate system information, cookies, and crypto wallet information from configuration files and app data stored on the victims’ devices.

Attack flow (Anomali Threat Research)

Fileless malware delivery helps evade detection

Using Microsoft’s legitimate, signed MSBuild binary lets the attackers evade detection while loading their malicious payloads directly into a targeted computer’s memory.

Malware samples used in this campaign are either not detected or detected by a very low number of anti-malware engines according to VirusTotal.

Decoding and injecting the payloads in memory further reduces the chance that the attack is spotted: the RAT or stealer executable is never written to disk, so file-based scanning and disk forensics have nothing to examine. The project file itself is still an on-disk artefact; it simply does not look like malware to a signature engine.

Zero detections on VirusTotal (Anomali)
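Because the payload only ever exists in memory, the durable evidence is the process tree rather than a file: msbuild.exe started on a project file in a user-writable directory, msbuild.exe launched by a document viewer or script host, or msbuild.exe spawning something that is not a compiler. The hunt below is an added example for this article, not Anomali's detection content. The log lines are constructed here in an assumed Sysmon-like, pipe-delimited form, and the allow-list of expected MSBuild children and the watch-list of risky parents are assumptions to be tuned per environment.

```python
"""Hunting MSBuild abuse in process-creation telemetry (added example)."""
import re
from pathlib import PureWindowsPath

# Directories an unprivileged user or a dropper can write to (assumed list).
USER_WRITABLE = re.compile(
    r"\\(Users\\[^\\]+\\(AppData|Downloads|Desktop)|Users\\Public|ProgramData|Windows\\Temp)\\",
    re.IGNORECASE,
)
# MSBuild builds any XML it is pointed at; .proj is what this campaign used.
PROJECT_ARG = re.compile(r'([A-Za-z]:\\[^"\s]+\.(?:proj|csproj|vbproj|targets|xml))', re.IGNORECASE)
# Parents that should never be starting a build (assumed list).
DOCUMENT_AND_SCRIPT_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                             "wscript.exe", "cscript.exe", "mshta.exe", "chrome.exe", "msedge.exe"}
# Children a genuine build normally produces (assumed list, tune per environment).
EXPECTED_MSBUILD_CHILDREN = {"csc.exe", "vbc.exe", "vbcscompiler.exe", "cvtres.exe",
                             "al.exe", "conhost.exe", "msbuild.exe", "dotnet.exe"}

# Constructed sample telemetry: one legitimate build from Visual Studio, one
# MSBuild launch from Word on a project in Temp, the compiler child of a build,
# and a non-compiler child of msbuild.exe.
SAMPLE_LOG = """\
ParentImage=C:\\Program Files\\Microsoft Visual Studio\\2019\\Community\\Common7\\IDE\\devenv.exe|Image=C:\\Program Files (x86)\\Microsoft Visual Studio\\2019\\Community\\MSBuild\\Current\\Bin\\MSBuild.exe|CommandLine=MSBuild.exe C:\\src\\app\\app.csproj /t:Build
ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\MSBuild.exe|CommandLine=MSBuild.exe C:\\Users\\alice\\AppData\\Local\\Temp\\Invoice.proj
ParentImage=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\MSBuild.exe|Image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\csc.exe|CommandLine=csc.exe /noconfig /fullpaths @C:\\Users\\alice\\AppData\\Local\\Temp\\abc.cmdline
ParentImage=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\MSBuild.exe|Image=C:\\Windows\\System32\\notepad.exe|CommandLine=notepad.exe
"""


def parse_line(line: str) -> dict:
    """Split 'Key=Value|Key=Value' into a dict; only the first '=' per field separates."""
    record = {}
    for field in line.split("|"):
        key, _, value = field.partition("=")
        record[key] = value
    return record


def _exe(path: str) -> str:
    """Lower-cased file name of a Windows path, e.g. '...\\MSBuild.exe' -> 'msbuild.exe'."""
    return PureWindowsPath(path).name.lower()


def triage(log_text: str) -> list:
    """Return (rule, detail) pairs for every record that matches a hunt rule."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        image, parent = _exe(rec["Image"]), _exe(rec["ParentImage"])
        cmdline = rec.get("CommandLine", "")
        if image == "msbuild.exe":
            # Only msbuild.exe's own arguments count; csc.exe legitimately
            # reads response files out of Temp during a normal build.
            for match in PROJECT_ARG.finditer(cmdline):
                if USER_WRITABLE.search(match.group(1)):
                    alerts.append(("msbuild_project_in_user_writable_path", match.group(1)))
            if parent in DOCUMENT_AND_SCRIPT_HOSTS:
                alerts.append(("msbuild_spawned_by_document_or_script_host", parent))
        if parent == "msbuild.exe" and image not in EXPECTED_MSBUILD_CHILDREN:
            alerts.append(("msbuild_unexpected_child_process", image))
    return alerts


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```

The third rule is the one that survives when the attacker gets the project file into a plausible location: a newly spawned process that msbuild.exe has no reason to create is the visible side of the in-memory injection the article describes, and it can be followed up with a memory capture of that child.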

According to a WatchGuard Internet security report published at the end of March, fileless malware delivery has seen a massive increase between 2019 and 2020, skyrocketing by 888% based on a year worth of endpoint threat intelligence data collected by WatchGuard Panda products.


“The threat actors behind this campaign used fileless delivery as a way to bypass security measures, and this technique is used by actors for a variety of objectives and motivations,” Anomali concluded.

“This campaign highlights that reliance on antivirus software alone is insufficient for cyber defense, and the use of legitimate code to hide malware from antivirus technology is effective and growing exponentially.”
