Sponsored: Attackers Leverage Non-Malware Attack Methods
Increasingly, cyberattackers have been using "non-malware" attack methods, which abuse tools such as Excel, PowerShell and DNS, to target vulnerable organizations.
Increasingly, cyberattackers have been leveraging “non-malware” attack methods to target vulnerable organizations. Recently, the Carbon Black Threat Research Team was alerted about such an attack by a partner’s incident response (IR) team. The attack ultimately compromised accounts and stole research and intellectual property.
In this specific attack, a malicious Excel document was used to create a PowerShell script, which then used the Domain Name System (DNS) to communicate with an Internet Command and Control (C2) server.
This attack method prompts three key questions for organizations looking to defend themselves against non-malware attacks, namely:
- How is the organization ensuring that carrier files (malicious PDFs, Office documents, etc.), phishing/spear-phishing campaigns, and/or drive-bys are not successful?
- How is the organization monitoring for these threats (i.e., how can it improve detection)?
- How do we, as defenders, get better at recognizing when legitimate tools are being used for nefarious purposes?
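One way to approach the monitoring question for the chain described above (an Office document leading to PowerShell that then talks DNS) is to correlate process ancestry with DNS activity. The following is an added example, not code from the original article or from Carbon Black; the event schema, field names and sample events are constructed assumptions.

```python
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}

# Constructed sample telemetry (hypothetical schema): process-creation and
# DNS-query events in time order. None of these values come from the incident.
EVENTS = [
    {"type": "process", "pid": 4120, "ppid": 988, "image": "EXCEL.EXE"},
    {"type": "process", "pid": 5332, "ppid": 4120, "image": "cmd.exe"},
    {"type": "process", "pid": 5340, "ppid": 5332, "image": "powershell.exe"},
    {"type": "dns", "pid": 5340, "query": "host1.example.test", "qtype": "TXT"},
    {"type": "dns", "pid": 5340, "query": "host2.example.test", "qtype": "TXT"},
    # Interactive PowerShell with no Office ancestor: must not be flagged.
    {"type": "process", "pid": 6100, "ppid": 988, "image": "powershell.exe"},
    {"type": "dns", "pid": 6100, "query": "updates.example.test", "qtype": "A"},
]

def office_ancestor(pid, procs):
    """Walk up the process tree; return the Office ancestor's image, or None."""
    seen = set()  # guards against loops caused by bad or recycled PID data
    pid = procs.get(pid, {}).get("ppid")
    while pid in procs and pid not in seen:
        seen.add(pid)
        if procs[pid]["image"].lower() in OFFICE_APPS:
            return procs[pid]["image"]
        pid = procs[pid]["ppid"]
    return None

def detect(events):
    """Flag script hosts descended from Office apps, then their DNS queries."""
    procs, flagged, findings = {}, {}, []
    for ev in events:
        if ev["type"] == "process":
            procs[ev["pid"]] = ev
            if ev["image"].lower() in SCRIPT_HOSTS:
                origin = office_ancestor(ev["pid"], procs)
                if origin:
                    flagged[ev["pid"]] = origin
                    findings.append({"rule": "office_spawned_script_host",
                                     "pid": ev["pid"], "origin": origin})
        elif ev["type"] == "dns" and ev["pid"] in flagged:
            findings.append({"rule": "script_host_dns", "pid": ev["pid"],
                             "origin": flagged[ev["pid"]], "query": ev["query"]})
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

The ancestry walk matters because the script host may be a grandchild of the Office process (here via `cmd.exe`), which a direct parent-child rule would miss.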
To answer these questions, it’s important to understand the backstory of how this malicious document was used.