Red Mosquito - Blog
Microsoft Warning on Astaroth Malware
Microsoft has recently issued a security warning. Their Windows Defender ATP team have discovered hackers are distributing Astaroth malware using fileless techniques. This makes Astaroth very difficult to detect as traditional anti-malware or anti-virus software tools search for infected files. So, they would not catch Astaroth, simply because it does not infect files. Astaroth malware is spread through a huge spam email campaign. The emails contain a link to a website, which if you double- clicked, would run legitimate Windows tools. These are then used to download and communicate additional code, without saving any files. The attack ends with the Astaroth Trojan being downloaded. At this point, it would collect sensitive data and upload it to a remote server. This technique is know as “living off the land” as it uses existing system tools to do all the work.
It’s worth noting that the majority of these attacks are discovered in Brazil and the URL received in the initial email uses some Portuguese terminology ie certida.htm (Portuguese for certificate), abrir_documento.htm (open document), pedido.htm (order).
What can you do to protect your system against attack?
Although challenging to detect, these fileless threats are not invisible. Microsoft advice is to make sure your Windows 10 and Windows Defender Firewall are up to date.
Office 365 users who have Advanced Threat Protection in place, will be relieved to know that it does detect the spam emails, with malicious links, which try to introduce the malware to your system. However, ATP does not come as standard with Office 365, it is optional additional service, which has a small per user fee. We strongly recommend all of our IT Support customers have ATP in place. It is a powerful tool which brings an additional layer of protection to your system. We always recommend a layered approach to cyber security and ATP is a key element of this.
If you need advice on making sure your system is cyber- secure, contact us today, and one of our Technical Consultants will be in touch to help.
RedMosquito provide IT Support and IT Security Services thoughout Glasgow, Edinburgh, Scotland and the UK.
How will AI impact cyber security threats in 2025
As we approach 2025, the integration of AI in cyber security is set to revolutionise threat detection and response, but it also opens new avenues for sophisticated cyber attacks.
Understanding the Microsoft Outages: What You Need to Know
Explore the recent Microsoft outages, their impact on services, and what steps you can take to mitigate such disruptions.
Crafting a Robust Disaster Recovery Plan for SMEs
Discover how to shield your SME from catastrophic data losses with a comprehensive disaster recovery plan.
AI Revolution: Transforming UK Businesses with Microsoft Copilot
Explore the transformative power of Microsoft Copilot in revolutionising UK businesses and driving growth and efficiency.