Privacy Ninja

Emotet Starts Dropping Cobalt Strike again for Faster Attacks

Right in time for the holidays, the notorious Emotet malware is once again directly installing Cobalt Strike beacons for rapid cyberattacks.

For those not familiar with Emotet, it is considered one of the most widespread malware infections and is distributed through phishing emails that include malicious attachments.

Historically, once a device becomes infected, Emotet will steal a victim’s email to use in future campaigns and then drops malware payloads, such as TrickBot and Qbot.

However, earlier this month, Emotet began to test installing Cobalt Strike beacons on infected devices instead of their regular payloads.

Cobalt Strike is a legitimate pentesting tool that threat actors commonly use to spread laterally through an organization and ultimately deploy ransomware on a network.

This test was brief, and the threat actors soon went back to distributing their typical payloads.

Emotet resumes Cobalt Strike installs

Last week, the Emotet threat actors suspended their phishing campaigns, and since then, researchers have not seen any further activity from the group.

“Spamming stopped last week on Thursday, and since then, they have been quiet with very little of ANYTHING going on until today,” Joseph Roosen of the Cryptolaemus Emotet group told BleepingComputer.

However, Cryptolaemus is now warning that starting today, the threat actors have once again begun installing Cobalt Strike beacons to devices already infected by Emotet.

Roosen told BleepingComputer that Emotet is now downloading the Cobalt Strike modules directly from its command and control server and then executing them on the infected device.

With Cobalt Strike beacons directly installed by Emotet, threat actors who use them to spread laterally through a network, steal files, and deploy malware will have immediate access to compromised networks.

This access will speed up the delivery of attacks, and with it being right before the holidays, it could lead to numerous breaches since enterprises now have limited staff to monitor for and respond to attacks.

C2 communications disguised as jQuery

In a sample of the Cobalt Strike beacon shared with BleepingComputer, the malware will communicate with the attacker’s command and control servers through a fake ‘jquery-3.3.1.min.js’ file.

Each time the malware communicates with the C2, it will attempt to download the jQuery file, which will have a variable changed with new instructions each time, as shown by the highlighted text in the image below.

Cobalt Strike C2 traffic disguised as a jQuery JavaScript file

As most of the file is legitimate jQuery source code, and only some content is changed, it blends into legitimate traffic and makes it easier to bypass security software.
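One way a defender can surface this behaviour from web proxy logs, as an added example that is not part of the original article: a genuine static library file is served with the same content every time, so a client repeatedly fetching the same jquery-*.min.js URL and receiving a different response hash on each fetch is the anomaly worth alerting on. The log format, host names and hash values below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed proxy log lines (not from the article): timestamp, client IP,
# requested URL, truncated SHA-256 of the response body. Hosts are placeholders.
SAMPLE_LOG = """\
2021-12-15T09:00:01Z 10.0.0.7 http://cdn.legit.example/jquery-3.3.1.min.js 3d3fa1c9
2021-12-15T09:01:01Z 10.0.0.7 http://cdn.legit.example/jquery-3.3.1.min.js 3d3fa1c9
2021-12-15T09:02:01Z 10.0.0.7 http://cdn.legit.example/jquery-3.3.1.min.js 3d3fa1c9
2021-12-15T09:00:05Z 10.0.0.9 http://c2.placeholder.example/jquery-3.3.1.min.js a1b2c3d4
2021-12-15T09:01:05Z 10.0.0.9 http://c2.placeholder.example/jquery-3.3.1.min.js e5f6a7b8
2021-12-15T09:02:05Z 10.0.0.9 http://c2.placeholder.example/jquery-3.3.1.min.js 9c0d1e2f
2021-12-15T09:03:05Z 10.0.0.9 http://c2.placeholder.example/jquery-3.3.1.min.js a1b2c3d4
"""

# URL paths that look like a versioned jQuery library file.
STATIC_LIB = re.compile(r"/jquery-\d+(?:\.\d+)*(?:\.min)?\.js$")


def parse_line(line):
    """Split one whitespace-separated log line into its four fields."""
    ts, client, url, digest = line.split()
    return ts, client, url, digest


def find_mutating_static_fetches(log_text, min_fetches=3):
    """Return {(client, url): distinct_hash_count} for jQuery-looking URLs that a
    client fetched at least min_fetches times while the response body changed.
    A cached or CDN-served library should hash identically on every fetch."""
    digests_by_key = defaultdict(list)
    for line in log_text.strip().splitlines():
        _ts, client, url, digest = parse_line(line)
        if STATIC_LIB.search(url):
            digests_by_key[(client, url)].append(digest)

    hits = {}
    for key, digests in digests_by_key.items():
        distinct = len(set(digests))
        if len(digests) >= min_fetches and distinct > 1:
            hits[key] = distinct
    return hits


if __name__ == "__main__":
    for (client, url), n in find_mutating_static_fetches(SAMPLE_LOG).items():
        print(f"ALERT {client} fetched {url} with {n} different response bodies")
```

Pair this with a pinned known-good hash of the jQuery build your sites actually ship, so that a single fetch whose hash does not match the pinned value is also flagged.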

The rapid deployment of Cobalt Strike through Emotet is a significant development that should be on the radars of all Windows and network admins and security professionals.

With this increased distribution of beacons to already infected devices, it is anticipated that we will see an increased number of corporate breaches and ultimately ransomware attacks right before or during the holidays.
