January 11, 2023

Seven days of risk – the story behind a file-based malware attack

One of the biggest advantages of implementing Glasswall CDR is that it enables organizations to be proactive in preventing file-based security breaches.

Without it, reactive security technologies, such as antivirus and sandboxing solutions, can leave networks vulnerable to new and zero-day malware variants for days or even weeks before they are updated to close the protection gap.

The risks are very real. In one recent attack identified and sanitized by Glasswall CDR, a new malware variant went undetected for a full seven days before any other security vendor found it was malicious. This is how it worked:

Graphic about a malware hidden in a pdf

The malware was hidden within a PDF file attached to an email, which was sent to a small number of users within the target organization.

Graphic about trust

It relies on the trust people often placed in PDFs, with many people believing them to be inherently ‘safe’ because the file contents can’t be immediately manipulated by the recipient.

Graphic of keylogger

Once opened, it installs a Trojan on the victim’s computer. It does so by using MITRE attack tactics, including privilege escalation and defense evasion, to deliver the malicious content – in this case, most likely a keylogger.

Graphic of information forwarding to various IPs

The information it gathers is forwarded to a range of IP addresses, many of which are intended to look benign in order to evade detection by firewall technologies and security teams.

Illustration of a bomb

By activating only after the PDF document is closed, it is also designed to evade detection by sandboxing technologies.

Graphic about sharing information

As a result, it has the potential to compromise both corporate and personal accounts alongside their associated data.

This general approach to delivering malware has been used by bad actors for many years. What’s changed recently is that their tactics are becoming more refined and sophisticated, utilizing more covert methods to precisely target potential victims rather than using scattergun distribution.

Crucial to defeating this potentially dangerous malware incident was Glasswall’s ability to proactively close the protection gap left by reactive cybersecurity technologies.

Our market-leading zero-trust file CDR solution treats all files (Microsoft Office Documents, PDF, etc.)  as untrusted — validating, rebuilding and cleaning each file to a safe and compliant standard — automatically removing potential threats. This simple approach ensures every document entering or leaving the organization is safe, allowing users to access files with full confidence.

To find out more about how Glasswall CDR can protect your IT infrastructure and data against file-based threats, click here.

Book a demo

Talk to us about our industry-leading CDR solutions

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.