Red Mosquito - Blog

Microsoft Warning on Astaroth Malware

19 Jul 2019

Microsoft has recently issued a security warning. Their Windows Defender ATP team have discovered hackers distributing Astaroth malware using fileless techniques. This makes Astaroth very difficult to detect, as traditional anti-malware and anti-virus tools search for infected files; they would not catch Astaroth simply because it does not infect files.

Astaroth malware is spread through a huge spam email campaign. The emails contain a link to a website which, if double-clicked, would run legitimate Windows tools. These are then used to download and communicate additional code without saving any files. The attack ends with the Astaroth Trojan being downloaded. At this point, it collects sensitive data and uploads it to a remote server. This technique is known as “living off the land” as it uses existing system tools to do all the work.

It’s worth noting that the majority of these attacks are discovered in Brazil, and the URL received in the initial email uses some Portuguese terminology, i.e. certida.htm (Portuguese for certificate), abrir_documento.htm (open document) and pedido.htm (order).

What can you do to protect your system against attack?

Although challenging to detect, these fileless threats are not invisible. Microsoft's advice is to make sure your Windows 10 and Windows Defender Firewall are up to date.
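As an added illustration of why a fileless chain is still observable even though nothing is written to disk, the following Python script (an example added here, not code from the original post or from Microsoft) scans constructed process-creation events and flags a legitimate Windows tool that was launched from a mail client or browser with a URL on its command line. The tool and parent process names are assumed, and the log format and sample lines are constructed.

```python
import re

# Assumed set of legitimate Windows built-ins often abused for fileless
# download/execution (names are an assumption, not taken from the post).
LOLBINS = {"wmic.exe", "bitsadmin.exe", "certutil.exe", "regsvr32.exe", "mshta.exe"}
# Parents that indicate a user just clicked something in mail or a browser.
USER_FACING_PARENTS = {"outlook.exe", "msedge.exe", "chrome.exe", "firefox.exe", "explorer.exe"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Constructed log format: "parent=<exe> image=<path> cmdline=<text>"
EVENT_RE = re.compile(r"parent=(\S+) image=(\S+) cmdline=(.*)")

def basename(path):
    """Last component of a Windows path, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def parse_event(line):
    """Return (parent, image, cmdline) or None if the line does not match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return basename(m.group(1)), basename(m.group(2)), m.group(3)

def is_suspicious(parent, image, cmdline):
    # No file lands on disk in a fileless chain, but the process lineage
    # (mail/browser -> system tool -> outbound URL) is still visible in logs.
    return image in LOLBINS and parent in USER_FACING_PARENTS and bool(URL_RE.search(cmdline))

def find_suspicious(lines):
    """Return [(parent, image), ...] for every event that matches the chain."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev and is_suspicious(*ev):
            hits.append((ev[0], ev[1]))
    return hits

# Constructed sample events; URLs use the reserved .invalid TLD.
SAMPLE_LOG = [
    r"parent=explorer.exe image=C:\Windows\System32\notepad.exe cmdline=notepad.exe notes.txt",
    r"parent=msedge.exe image=C:\Windows\System32\wbem\WMIC.exe cmdline=wmic.exe http://example.invalid/certida.htm",
    r"parent=services.exe image=C:\Windows\System32\bitsadmin.exe cmdline=bitsadmin http://updates.example.invalid/patch",
    r"parent=OUTLOOK.EXE image=C:\Windows\System32\certutil.exe cmdline=certutil.exe http://example.invalid/pedido.htm",
    r"parent=chrome.exe image=C:\Windows\System32\certutil.exe cmdline=certutil.exe -verify local.cer",
]

if __name__ == "__main__":
    for parent, image in find_suspicious(SAMPLE_LOG):
        print(f"suspicious: {parent} -> {image}")
```

Only the two events where a user-facing process spawns a system tool that reaches out to a URL are flagged; a service-launched download and a local certificate check are left alone.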

Office 365 users who have Advanced Threat Protection in place will be relieved to know that it does detect the spam emails with malicious links that try to introduce the malware to your system. However, ATP does not come as standard with Office 365; it is an optional additional service with a small per-user fee. We strongly recommend all of our IT Support customers have ATP in place. It is a powerful tool which brings an additional layer of protection to your system. We always recommend a layered approach to cyber security, and ATP is a key element of this.

If you need advice on making sure your system is cyber-secure, contact us today, and one of our Technical Consultants will be in touch to help.

RedMosquito provide IT Support and IT Security Services throughout Glasgow, Edinburgh, Scotland and the UK.
