
A Noteworthy Threat: How Cybercriminals are Abusing OneNote - Part 2

In part one, we examined how threat actors abuse a OneNote document to install an infostealer. Part 2 of this series discusses an AsyncRAT infection chain while detailing important parts of the code. We’ll also quickly analyze other notable malware strains such as Qakbot and RemcosRAT.

A Noteworthy Threat: How Cybercriminals are Abusing OneNote - Part 1

Threat actors are taking advantage of Microsoft OneNote's ability to embed files and are using social engineering techniques, such as phishing emails and lures inside the OneNote document, to get unsuspecting users to download and open malicious files. Once the embedded file is clicked, an attacker can use the embedded code for various malicious purposes, such as stealing data or installing ransomware on victims' systems.

An assessment of ransomware distribution on darknet markets

Ransomware is a form of malicious software (malware) that restricts access to computer files, systems, or networks until a ransom is paid. In essence, an offender creates or purchases ransomware, then uses it to infect the target system. Ransomware is distributed in several ways including, but not limited to, malicious website links, infected USB drives, and phishing emails. Once infected, the offender encrypts the device and demands payment for the decryption key.

Dole Gets Hit By a Ransomware Attack and Food Shipments Stall

Dole PLC is a massive agricultural company headquartered in Dublin, Ireland. Dole has several offices and production facilities in the United States and supplies food products in 75 separate countries. The company maintains a staff of over 38,000 employees and offers more than 300 different products throughout the world.

What is Malware as a Service (MaaS)?

Malware as a Service is the unlawful lease of software and hardware from the Dark Web to carry out cyber attacks. The threat actors who use this service are provided with botnet services and technical support by the MaaS owners. This service opens doors to anyone with minimal computer skills to use and distribute pre-made malware. The data that is stolen is often sold to the highest bidder or left for the service subscribers. MaaS is an illegal version of Software as a Service (SaaS).

Dish Network Customers Lose Service Thanks to a Serious Ransomware Attack

Dish Network is one of the largest television providers in the United States today, offering television service through a direct-broadcast satellite network. The company serves more than 7.4 million customers and maintains over 16,000 employees to keep everything running properly. This huge broadcast network recently suffered a ransomware attack that interrupted its broadcast service and may have exposed its customers as well.

Fallout from Paying Ransomware: A UK Government Perspective

In this video, we discuss the potential consequences of organizations paying ransomware demands, specifically from a UK government perspective. We explore the hypothetical scenario of an organization being hit by the Conti ransomware and having the financial means to pay the ransom. While this may unlock their systems and maintain business continuity, it also raises questions about the legality of paying ransoms and the potential fallout from doing so. We delve into the potential repercussions of breaking the law and the importance of having robust disaster recovery policies in place to minimize the impact of such attacks. Join us as we explore this complex and timely issue.

Analysis of Recent Official Statements on Ransomware Sanctions

James Rees questions the motivations behind the decision, whether it is due to ransomware or political sanctions.

Connect with your host, James Rees: Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.