We recently wrote about a group of Chinese hackers using Dropbox and WordPress to carry out sophisticated APT attacks. The attack worked by tricking employees into downloading an official-looking file that appeared to come from someone they knew. The file in fact contained advanced malware designed to evade detection by conventional anti-virus products and infect their network. This method is known as spear phishing.
Well, if that wasn’t enough to worry about, ITProPortal.com is now reporting that as part of a new malware campaign, adversaries are sending out spear phishing emails that appear to come from Dropbox itself.
The emails, which claim to come from “The Dropbox Team,” prompt employees to click a button and reset their password. However, if they follow this instruction, employees wind up downloading malware that, according to AppRiver security researchers who discovered the campaign, is a new Zeus Trojan variant that steals confidential information and sends it to an adversary’s command and control server.
Also of importance to CISOs and other enterprise security professionals is that, according to AppRiver security analyst Jonathan French, some anti-virus products are failing to catch this specific Zeus Trojan variation, even though the Zeus family of Trojans has been around for years.
“The best thing users can do is make sure their anti-virus service is one that reacts to threats in real time and consistently updates all their software,” advises French. “Leaving your anti-virus out of date for even a few days could leave you helpless against new threats.”
While we agree that regularly updating software and anti-virus signatures is an important part of an overall network security system, what this latest spear phishing campaign clearly demonstrates is that 100% prevention is not an option. Adversaries are creating sophisticated new malware all the time, or sometimes just modifying existing malware to create new variations. There’s simply no way for updates alone to keep enterprises ahead of the massive wave of advanced malware that targets them on a daily basis.
As a result, enterprises need a network security solution like Seculert’s that uses Big Data analytics to build malware profiles and applies machine learning algorithms to detect known and unknown advanced threats inside and outside the network.
By focusing on detection, Seculert identifies actual communication between an enterprise’s security infrastructure and an adversary’s command and control server. This critical information allows IT teams to take swift action and put a stop to the threat, instead of being lulled into a false sense of security by anti-virus products that tell them everything is fine. Indeed, things are hardly fine when all it takes for a network infection is for a co-worker down the hall to open a spear phishing email and click on an ordinary, safe-looking link.
To learn more about Seculert’s innovative solution that is designed to detect malware attacks like those carried out by this latest Dropbox spear phishing campaign, read our free White Paper, “Combating Advanced Persistent Threats through Detection.”
The post Dropbox Spear Phishing Campaign Deploys New Zeus Trojan Variant appeared first on Seculert Blog on Advanced Threats and Cyber Security.