This advanced new malware strain leaves you practically defenceless
source link: https://www.techradar.com/news/this-advanced-new-malware-strain-leaves-you-practically-defenceless
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
This advanced new malware strain leaves you practically defenceless
By
published about 1 hour ago
WinDealer gathers an "impressive" amount of data, Kaspersky warns
(Image credit: Image Credit: Geralt / Pixabay)
An extremely potent malware, delivered in a way that’s immune to most cybersecurity (opens in new tab) measures, was discovered infecting high-profile Chinese individuals.
Cybersecurity researchers from Kaspersky have discovered malware they call WinDealer, distributed and used by a Chinese Advanced Persistent Threat (APT) actor called LuoYu. WinDealer, the researchers say, is capable of collecting “an impressive amount” of information. It can view and download any files stored on the device, as well as run a keyword search on all the documents.
To deliver the malware to the target endpoint (opens in new tab), the attackers perform a man-on-the-side attack, essentially hijacking in-transit network traffic.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.
Racing with the server
When the victim tries to access a certain resource on the internet (for example, open their LinkedIn account), they need to send a request to the server, to open the page. This request is the type of traffic that the attackers can intercept and read, and then try to deliver malicious content before the server responds with the legitimate site.
Kaspersky describes the method as a “race” with the legitimate server, the only difference being - the attacker has as many attempts to deliver malicious content as they want. In order to successfully infect a target endpoint, the attacker needs no interaction with the victim, whatsoever.
Targets are mostly high-profile organizations and individuals in China, the researchers further claim. Foreign diplomatic organizations established in China, members of the academic community, defense, logistics, and telecommunications companies, are all listed as potential targets. Besides China, Kaspersky researchers have also mentioned targets in Germany, Austria, the US, the Czech Republic, Russia, and India.
All of the targets are using Windows as their operating system of choice.
Besides being difficult to spot, the malware (opens in new tab) is also difficult to block. Usually, this type of malware contacts a command & control (C2) server for instructions, and simply blocking the IP address of the server would be enough to neutralize the threat. WinDealer, on the other hand, relies on a complex algorithm that generates IP addresses (48,000, Kaspersky says), making blocking impossible.
The only way to defend against such an attack is to route the traffic through another network, for example with a VPN. However, having a VPN in China is easier said than done.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Recommend
-
88
Cuckoo Filter Practically better than Bloom Filter. Cuckoo filters support adding and removing items dynamically while achieving even higher performance than Bloom filters. For applications that store many items and target moderately low...
-
195
Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to let a user agent gain permission to access selected resources from a server on a different origin (domain)…
-
8
Technically right but practically wrong for the classroom I've received some feedback on my multihead classroom computer post. I got a couple of messages which reminde...
-
15
印度STEM教育平台Practically宣布完成400万美元B轮融资_VR陀螺
-
7
题目与翻译 1004 Counting Leaves 数树叶 (30分) A family hierarchy is usually presented by a pedigree tree. Your job is to count those family members who have no child. 一个家族的等级通常是由...
-
6
𝐷𝑟. 𝐼𝑎𝑛 𝐶𝑢𝑡𝑟𝑒𝑠𝑠 on Twitter: "@gmourao To show iso-frewuency performance. It's very common, practically a de-facto standard if you follow this industry, to show new semi-con technology differences."Don’t miss what’s happeningPeopl...
-
6
’Ratchet and Clank: Rift Apart’ review: A practically flawless PlayStation 5 exclusiveThe best traits of modern Sony titles are manifest in “Ratchet and Clank: Rift Apart.” It is the greatest exclusive title for a PlayStation p...
-
6
POSTED ON JULY 9, 2021 TO Core Data, Data Infrastructure,
-
2
GLOBAL THREAT China fires hypersonic nuke...
-
8
How to setup a practically free CDN I've been using Backblaze for a while now as my online backup service. I have used a few others in the past. None were particularly satisfactory until Backb...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK