It has been reported today that security researchers have discovered two new malware families distributed last year through phishing campaigns from the Necurs botnet: the ServHelper backdoor, which has two variants, and the FlawedGrace remote access trojan (RAT). The threat actor continues to target organisations in the financial and retail sectors, the researchers say, using Microsoft Word, Microsoft Publisher, and PDF files to pull the malware onto the victim's host computer.
Expert comments below:
Boris Cipot, Senior Engineer at Synopsys:
“Backdoors and remote access Trojans distributed via botnet aren’t new concepts. Even though this type of attack vector is already well known, it still poses a real threat to firms around the globe.
This attack vector intends to manipulate the human element. Based on the targeted sectors, the attacker would not only be able to ideally gain access to monetary resources, but also personal identity data of their customers. As we saw from a variety of high-profile breaches that took place last year, this can endanger thousands if not millions of people.
Endpoint protections help in many cases, but not always. It is recommended to always have endpoint protection on the computer, but the user also has to be conscious about the threats that are disguised as documents from various sources. A healthy level of suspicion is always good to have. To achieve this, another important step is to educate employees. As potential targets, employees need to be aware of such attacks and also know how to prevent them. For example, don’t open files from unknown sources or any files that raise questions. Companies also need to implement measures to prevent files from downloading content in the background without the user knowing.”