Phishing: Attacks with infostealers for data exfiltration

B2B Cyber Security ShortNews


Threat analysts have observed phishing attacks that use an advanced, stealthy approach to exfiltrate unusually large amounts of sensitive data. In the course of the attack, the attacker downloads additional malware onto the victim's machine.

The approach relies on an advanced infostealer that can collect PDF files and directories from most folders, as well as browser data such as session cookies, saved credit card details, Bitcoin-related browser extensions, web logs and other information. The attackers then send the collected data as a compressed attachment to a remote email account.


Not just simple data theft

Infostealers do not typically collect and exfiltrate such a wide range of information. According to Barracuda's analysts, the attack begins with a phishing email that prompts the recipient to open an attached purchase order. The attachment is a disk image file; inside it is a file that downloads and executes a series of malicious payloads. Disk images are a common way to get past attachment filtering, because the executable content sits inside the image rather than being attached directly.

The final payload is the infostealer itself: an obfuscated and encrypted Python script that passes through several stages of decoding and decryption before the actual script code runs. The infostealer then collects, compresses and exfiltrates a variety of sensitive data to a remote email account.
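Analysts usually unpack layered droppers of this kind statically rather than running them. The following Python script is an added example for this article, not Barracuda's analysis and not the malware's actual code: the encoding scheme, the decoder allow-list, the constructed sample payload (INNER) and the helper names are all assumptions made for illustration. It walks the AST of a script, peels exec(decode(...)) layers built only from allow-listed decoders and literals without executing anything, caps zlib output to guard against decompression bombs, and reports which modules the recovered payload imports (an smtplib import, for instance, is a hint that exfiltration goes out by email, as described above).

```python
import ast
import base64
import binascii
import zlib

MAX_OUT = 8 * 1024 * 1024  # refuse to inflate more than 8 MiB per layer (bomb guard)


def _inflate(data: bytes) -> bytes:
    """zlib.decompress with an output cap, so a crafted blob cannot exhaust memory."""
    d = zlib.decompressobj()
    out = d.decompress(data, MAX_OUT)
    if d.unconsumed_tail:
        raise ValueError("decompressed output exceeds MAX_OUT")
    return out


# Allow-list of decoders the walker will evaluate; anything else stops the unwrapping.
DECODERS = {
    ("base64", "b64decode"): base64.b64decode,
    ("binascii", "unhexlify"): binascii.unhexlify,
    ("zlib", "decompress"): _inflate,
}


def _resolve(node: ast.AST) -> bytes:
    """Statically evaluate a chain of allow-listed decoders over a literal.

    Handles literals, module.func(x) from DECODERS, x.decode() and x[::-1].
    Raises ValueError for anything outside that grammar; nothing is exec()'d.
    """
    if isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes)):
        v = node.value
        return v.encode() if isinstance(v, str) else v
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        func = node.func
        if func.attr == "decode" and not node.args:  # (...).decode()
            return _resolve(func.value)
        if isinstance(func.value, ast.Name) and len(node.args) == 1:
            key = (func.value.id, func.attr)
            if key in DECODERS:
                return DECODERS[key](_resolve(node.args[0]))
    if isinstance(node, ast.Subscript) and isinstance(node.slice, ast.Slice):
        s = node.slice  # literal[::-1], a common cheap reversal trick
        if (s.lower is None and s.upper is None and isinstance(s.step, ast.UnaryOp)
                and isinstance(s.step.op, ast.USub)
                and isinstance(s.step.operand, ast.Constant) and s.step.operand.value == 1):
            return _resolve(node.value)[::-1]
    raise ValueError("unsupported construct: " + ast.dump(node)[:80])


def _exec_payload(source: str):
    """Return the argument node of the script's single exec() call, or None."""
    calls = [n for n in ast.walk(ast.parse(source))
             if isinstance(n, ast.Call) and isinstance(n.func, ast.Name) and n.func.id == "exec"]
    if len(calls) != 1 or len(calls[0].args) != 1:
        return None
    return calls[0].args[0]


def unwrap(source: str, max_layers: int = 16):
    """Peel exec(decode(...)) layers until none is left. Returns (final_source, layers)."""
    layers = 0
    while layers < max_layers:
        payload = _exec_payload(source)
        if payload is None:
            break
        source = _resolve(payload).decode("utf-8", errors="replace")
        layers += 1
    return source, layers


def imported_modules(source: str) -> set:
    """Top-level module names the recovered script imports."""
    mods = set()
    for n in ast.walk(ast.parse(source)):
        if isinstance(n, ast.Import):
            mods.update(a.name.split(".")[0] for a in n.names)
        elif isinstance(n, ast.ImportFrom) and n.module:
            mods.add(n.module.split(".")[0])
    return mods


# Constructed stand-in for a payload; the real stealer's code is not reproduced here.
INNER = "import smtplib, sqlite3, zipfile\nprint('payload would run here')\n"


def build_sample(inner: str, layers: int = 3) -> str:
    """Wrap `inner` in alternating base64 / reversed-hex zlib exec() layers (constructed)."""
    src = inner
    for i in range(layers):
        blob = zlib.compress(src.encode())
        if i % 2:
            lit = binascii.hexlify(blob)[::-1].decode()
            src = 'import binascii, zlib\nexec(zlib.decompress(binascii.unhexlify("%s"[::-1])))\n' % lit
        else:
            lit = base64.b64encode(blob).decode()
            src = 'import base64, zlib\nexec(zlib.decompress(base64.b64decode("%s")).decode())\n' % lit
    return src


if __name__ == "__main__":
    final, n = unwrap(build_sample(INNER))
    print("layers peeled:", n)
    print("imports:", sorted(imported_modules(final)))
    print(final)
```

The walker deliberately refuses anything outside its small grammar (a call to os.popen, a custom XOR routine, a key fetched from the network) by raising rather than guessing, so a layer it cannot peel is a signal to move to a sandbox, not a reason to widen the allow-list. Real droppers vary the decoders and add marshal or AES stages; those are the places to extend DECODERS once the decoding primitive has been identified.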


"Most phishing attacks are associated with data theft, but this new approach aims for comprehensive data exfiltration based on a technically advanced infostealer," said Saravanan Mohan, Manager - Threat Analyst at Barracuda. "The volume and range of sensitive data that can be stolen in this way is enormous. Some of the data can then be used for further malicious actions, such as lateral movement within the compromised network or financial fraud. As cybercriminals continue to evolve their attack methods to steal sensitive data, it is important for organizations to remain vigilant and proactively improve their cybersecurity measures."

Comprehensive data exfiltration by infostealers

Effective countermeasures for businesses include implementing robust security controls, continuously monitoring the network for suspicious activity, and, most importantly, educating employees about the risks of opening unexpected attachments. These are the most important strategies for minimizing the risk of data exfiltration. Email security solutions with multi-layered detection based on artificial intelligence and machine learning can help stop this type of attack before it reaches corporate inboxes in the first place.

More at Barracuda.com

Via Barracuda Networks

Striving to make the world a safer place, Barracuda believes that every business should have access to cloud-enabled, enterprise-wide security solutions that are easy to purchase, implement and use. Barracuda protects email, networks, data and applications with innovative solutions that grow and adapt as the customer journey progresses. More than 150,000 companies worldwide trust Barracuda to help them focus on growing their business. For more information, visit www.barracuda.com.