Intelligints Publishes Research on Advanced Cyber Attack Footprint
-Attack might go undetected in your organization’s systems-
IRVINE, Calif.--(BUSINESS WIRE)-- Intelligints, a leading cybersecurity organization specializing in security-related services worldwide, has announced today the identification of an advanced cyberattack that might go undetected in your IT environment. Intelligints’ SOC is issuing this research and findings so that organizations and security teams are aware of this type of attack.
The exploit starts with email phishing or through unpatched Windows systems. Then, through iexplore.exe, requests are made to an external IP to download a file (size 2.91 KB) that includes root certificates and scripts to modify the Windows system registry. The scripts go through the registry to find out what software is installed on the target system and what credentials exist in the environment, then call the system API to communicate with the outside command server. Installing the root certificate on the compromised system makes the attacker's certificate appear trusted, and the malware/attack goes undetected by a number of EPP/EDR tools.
Observed event: "iexplore.exe" wrote bytes "4068bdf3fe070000" to virtual address "0xFF29BEA8" (part of module "OLE32.DLL")
The malware will then create a guarded memory region as identified in Intelligints’ labs (anti-debugging trick to avoid memory dumping):
Details: “iexplore.exe” is protecting 8192 bytes with PAGE_GUARD access rights (Source: API call)
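Because the release describes a root certificate being planted so the malware appears trusted, a defender will want to audit the Windows Root stores for additions. The following PowerShell is an added example written for this article, not Intelligints' tooling; the baseline file path is an assumption, and a root that is not in the baseline or is not self-signed is reported for review.

```powershell
# Added example (not from the Intelligints release). Compares the machine and
# user Root stores against a saved list of known thumbprints (one per line).
$BaselinePath = 'C:\SecBaseline\root-thumbprints.txt'   # assumed location

function Get-RootStoreDrift {
    param([string]$Baseline)

    # Load known SHA-1 thumbprints (40 hex chars) into a lookup table.
    $known = @{}
    if (Test-Path $Baseline) {
        Get-Content $Baseline |
            Where-Object { $_ -match '^[0-9A-Fa-f]{40}$' } |
            ForEach-Object { $known[$_.ToUpper()] = $true }
    }

    # A user-level install lands in CurrentUser\Root, so check both stores.
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        foreach ($cert in Get-ChildItem -Path $store) {
            $tp = $cert.Thumbprint.ToUpper()
            $unknown = -not $known.ContainsKey($tp)
            # A genuine root CA is self-signed: Subject and Issuer match.
            $notSelfSigned = $cert.Subject -ne $cert.Issuer
            if ($unknown -or $notSelfSigned) {
                $reason = if ($unknown) { 'not in baseline' } else { 'subject/issuer mismatch' }
                [pscustomobject]@{
                    Store      = $store
                    Thumbprint = $tp
                    Subject    = $cert.Subject
                    NotBefore  = $cert.NotBefore
                    Reason     = $reason
                }
            }
        }
    }
}

# Newest certificates first: a recently issued root is the most suspicious.
Get-RootStoreDrift -Baseline $BaselinePath |
    Sort-Object NotBefore -Descending |
    Format-Table -AutoSize
```

Build the baseline from a clean reference image with `Get-ChildItem Cert:\LocalMachine\Root | Select-Object -ExpandProperty Thumbprint` and review any reported root against the organization's approved CA list before removing it.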
Intelligints’ IDR team performed network traffic forensics on the communication and found traffic being initiated outside the compromised network to certain domains with “onion” protocols and others used in command-and-control code execution on victim systems.
Intelligints has identified the DLLs replaced on victim systems and recommends a careful approach to eradicating them without causing system corruption. Also, ensure you have up-to-date backups in case something goes wrong. Clone the impacted system, attempt replacing the DLLs, and test business applications/functionality. This malware eradication needs both Administrator and System permissions to write code into the virtual address space. So, proceed carefully.
Intelligints LLC is a leading provider of Cybersecurity and Information Security services for enterprises concerned about their security posture. Intelligints offers a range of services covering penetration testing, code reviews, managed security services and 24x7x365 SOC, Incident Detection/Response and forensics. Intelligints approaches each customer’s security based on risk exposure/factor.
Intelligints is headquartered in Irvine, California. For more information, visit www.intelligints.com.
(833) 337-3287 (833 33 SECURE)
Source: Intelligints LLC