It is almost the end of the year but cyber threat is still at its peak. Once again, researchers found a new malware campaign, called "Hornets Nest". But the surprising fact is this malware threat can drop six variants in one shot which includes cryptominers, infostealers, cryptostealer and an RDP backdoor. The researchers at the cybersecurity company Deep Instinct have discovered this malware attack. They believe that it is most probably designed only for enterprises.
Hornets Nest malware
Even though this campaign doesn't appear as sophisticated, it can deploy six malware exploits in one go. As mentioned in Deep Instinct's blog post the attack begins with the 'Legion Loader,' the malware dropper written in MS Visual C++ 8 shows numerous VM/Sandbox and other features to stay hidden but it lacks code obfuscation.
After the launch, the Legion Loader infects the user's machine with further malware which includes commercially available infostealers such as Vidar, Predator the Thief and Racoon stealer and cryptominer. The malware also manifests a built-in cryptocurrency stealer and RDP backdoor that assist to carry out further attacks.
The blog post revealed, "Every dropper in the campaign, which is simultaneously targeted at both the United States and Europe, is intended to deliver 2-3 additional malware executables and features a built-in file-less crypto-currency stealer and browser-credential harvester."
The threat actors
It should be noted that possibly because of the code obfuscation the campaign is not considered as sophisticated compared to say a zero-day. But the presence of cryptominer and cryptostealer indicates the intention of making quick money, while the infostealers would benefit the threat actors in the long run. But such a wide and strategic attack would be a nightmare for the enterprises.
Even though the origin of the attack is yet to be revealed, while analyzing this malware campaign, researchers found that the Legion Loader links to Russia. It was also found that in two major targets, US and Europe, every dropper throws more than two malware including cryptostealers and browser-credentials harvesters.
Companies are easy targets?
A few months ago it was revealed that the UK based small companies are collectively subject to almost 10,000 cyberattacks per day. One in five small companies accepted that it had been the victim of a data breach in the two years to January, while an average of over 9,000 cyber-attack incidents reported daily during the same period.
Later, The Cybersecurity Imperative, which is a new global thought leadership program mentioned in a report that many companies from all around the will boost cybersecurity investments by 34% in the next fiscal year owing to an alarming situation created by recent cyber-attacks, showing that one in 10 organizations invariably lose more than $10 million due to hacking or data breach, as they have decided to understand the importance of investing money into organizations' security.
