Seven days of risk – the story behind a file-based malware attack

by | Jan 11, 2023 | Thought leadership

One of the biggest advantages of implementing Glasswall CDR is that it enables organizations to be proactive in preventing file-based security breaches.

Without it, reactive security technologies such as antivirus and sandboxing can only stop what they already recognise: a new or zero-day malware variant can pass through them for days or even weeks before signatures and behavioural rules are updated to close the protection gap.

The risks are very real. In one recent attack identified and sanitized by Glasswall CDR, a new malware variant went undetected for a full seven days before any other security vendor flagged it as malicious. This is how it worked:

The malware was hidden inside a PDF attached to an email sent to a small number of users within the target organization.

It relies on the trust people often place in PDFs: many believe them to be inherently ‘safe’ because the recipient cannot readily edit the contents. That belief is misplaced. The PDF format lets a document carry embedded JavaScript, embedded files and actions that the reader runs automatically when the file is opened or closed, and none of that requires the recipient to change anything.

Once opened, it installs a Trojan on the victim’s computer, using techniques that map to the MITRE ATT&CK tactics of privilege escalation and defense evasion to deliver its payload, in this case most likely a keylogger.

The information it gathers is forwarded to a range of IP addresses, many of them chosen to look benign so that the traffic passes firewall rules and escapes the notice of security teams.

It activates only after the PDF is closed, a timing designed to evade sandboxes: a sandbox that opens the document, watches it for a fixed window and never closes it sees nothing malicious.

As a result, it can compromise both corporate and personal accounts, along with the data those accounts hold.

This general approach to delivering malware has been used by bad actors for many years. What has changed recently is that their tactics are becoming more refined and sophisticated, using more covert methods to precisely target potential victims rather than scattergun distribution.

Crucial to defeating this malware was Glasswall’s ability to proactively close the protection gap left by reactive cybersecurity technologies.

Our market-leading zero-trust file CDR solution treats all files (Microsoft Office documents, PDF, etc.) as untrusted, validating, rebuilding and cleaning each file to a safe and compliant standard so that active content and anything that does not conform to the format specification is removed without first having to be recognised as a threat. This simple approach ensures every document entering or leaving the organization is safe, allowing users to access files with full confidence.
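The PDF features this story turns on (automatic actions, the document-level ‘will close’ hook, embedded JavaScript) and the validate-rebuild-clean idea above, shown as an added Python illustration that is not Glasswall’s code: it scans a constructed sample PDF for active-content hooks, then rebuilds the file without them and regenerates the cross-reference table. The sample document, the key list and the regular expressions are this example’s own assumptions, and it only understands uncompressed objects.

```python
import re

# Constructed sample, not a file from the page. The catalog runs object 5 on open
# (/OpenAction) and again when the reader closes the document (/AA /WC, the
# document-level "will close" action): the hook for a payload that fires only after closing.
SAMPLE_PDF = b"""%PDF-1.7
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R /AA << /WC 5 0 R >> >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R >>
endobj
4 0 obj
<< /Length 47 >>
stream
BT /F1 24 Tf 72 720 Td (Quarterly report) Tj ET
endstream
endobj
5 0 obj
<< /S /JavaScript /JS (app.launchURL("http://example.invalid/")) >>
endobj
trailer
<< /Root 1 0 R >>
"""

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\s*(.*?)\s*endobj", re.S)
# Dictionary keys whose value a reader executes or opens with no click from the user.
HOOK_KEYS = (b"/OpenAction", b"/AA", b"/JS", b"/JavaScript", b"/Launch", b"/EmbeddedFiles")
# Objects that are themselves executable actions or carried payloads.
ACTION_RE = re.compile(rb"/S\s*/(JavaScript|Launch|ImportData|SubmitForm)\b|/Type\s*/EmbeddedFile\b")
PAIRS = {b"<<": b">>", b"[": b"]", b"(": b")", b"<": b">"}  # delimited value types

def _skip_value(body, i):
    """Index just past the value at body[i]: nested delimiters, `n g R`, or one token."""
    i += len(body[i:]) - len(body[i:].lstrip())
    for open_, close in PAIRS.items():
        if body.startswith(open_, i):
            depth, j = 0, i
            while j < len(body):
                if open_ == b"(" and body[j:j + 1] == b"\\":
                    j += 2  # backslash escape inside a literal string
                elif body.startswith(open_, j):
                    depth, j = depth + 1, j + len(open_)
                elif body.startswith(close, j):
                    depth, j = depth - 1, j + len(close)
                    if depth == 0:
                        return j
                else:
                    j += 1
            return j
    tok = (re.compile(rb"\d+\s+\d+\s+R(?![A-Za-z])").match(body, i)
           or re.compile(rb"/?[^\s/\[\]<>()]+").match(body, i))
    return tok.end() if tok else i + 1

def strip_entry(body, key):
    """Drop every `key value` pair for `key` from the dictionaries in `body`."""
    pat = re.compile(re.escape(key) + rb"(?![A-Za-z0-9])")  # /JS but not /JSX
    while m := pat.search(body):
        body = body[:m.start()] + body[_skip_value(body, m.end()):]
    return body

def find_active_content(pdf):
    """Sorted (object number, finding) pairs for hook keys and executable actions."""
    key_re = re.compile(b"(?:" + b"|".join(re.escape(k) for k in HOOK_KEYS) + rb")(?![A-Za-z0-9])")
    return sorted({(int(m.group(1)), h.group(0).decode())
                   for m in OBJ_RE.finditer(pdf) for pat in (key_re, ACTION_RE)
                   for h in pat.finditer(m.group(3))})

def sanitize(pdf):
    """Rebuild `pdf`: hook entries dropped, action and payload objects replaced by
    `null` (dangling references then resolve harmlessly), fresh xref and trailer."""
    out, offsets = bytearray(b"%PDF-1.7\n"), {}
    for m in sorted(OBJ_RE.finditer(pdf), key=lambda m: int(m.group(1))):
        num, gen, body = int(m.group(1)), int(m.group(2)), m.group(3)
        body = b"null" if ACTION_RE.search(body) else body
        for key in HOOK_KEYS:
            body = strip_entry(body, key)
        offsets[num] = len(out)
        out += b"%d %d obj\n%s\nendobj\n" % (num, gen, body)
    size, xref_at = max(offsets) + 1, len(out)
    out += b"xref\n0 %d\n" % size  # one 20-byte entry per object number
    for n in range(size):
        out += b"%010d 00000 n \n" % offsets[n] if n in offsets else b"0000000000 65535 f \n"
    trailer = re.search(rb"trailer\s*<<(.*?)>>", pdf, re.S).group(1)  # raises if absent
    entries = strip_entry(trailer, b"/Size").strip()
    out += b"trailer\n<< /Size %d %s >>\nstartxref\n%d\n%%%%EOF\n" % (size, entries, xref_at)
    return bytes(out)

def xref_offsets(pdf):
    """Map object number -> byte offset from the xref table that `startxref` names."""
    start = int(re.search(rb"startxref\s+(\d+)", pdf).group(1))
    hdr = re.match(rb"xref\s+(\d+)\s+(\d+)\s+", pdf[start:])
    first, count, pos = int(hdr.group(1)), int(hdr.group(2)), start + hdr.end()
    entries = [pdf[pos + 20 * k:pos + 20 * k + 18] for k in range(count)]
    return {first + k: int(e[:10]) for k, e in enumerate(entries) if e.endswith(b"n")}
```

Calling `find_active_content(SAMPLE_PDF)` reports the `/OpenAction` and `/AA` hooks on object 1 and the JavaScript action in object 5; `sanitize(SAMPLE_PDF)` returns a document in which the page and its text stream survive, object 5 is `null`, and `xref_offsets` confirms every table entry points at the start of its rebuilt object. For brevity the scanner is a denylist of known-dangerous keys, which is exactly the approach the post argues against for production use: a real CDR engine parses the whole object graph, including compressed object streams, keeps only structures that conform to the specification, and serialises a fresh file, so unknown or malformed constructs never survive regardless of whether anyone has seen them before.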

To find out more about how Glasswall CDR can protect your IT infrastructure and data against file-based threats, click here.
