This post was submitted by Klaus Kofler
Another round of emails is flooding the inboxes of German, Austrian, and Swiss mail accounts. The subject provides an invoice number, which, together with a customer number and a total sum in the body text, looks more or less legitimate to unsuspecting everyday users.
The mail also includes a linked zip file, which should itself be suspicious, but still, some people in an organization will click on it. This single click starts the download sequence and a series of malicious events.
Of course, you’ve likely heard about advanced malware/zero-day exploits/advanced persistent threats. There’s no lack of headlines related to these attacks, and this round of emails is simply that.
The zip file will bypass traditional IPS and antivirus solutions for the moment:
Using Barracuda Advanced Threat Detection (ATD), available with the most current version of the Barracuda NG Firewall, will prevent access to this file. Barracuda ATD includes next-generation cloud-based sandboxing which shows:
You can download the full report here.
More information on the Barracuda NG Firewall is available here.
More on the Barracuda Advanced Threat Detection is available here.
Want to test the Barracuda Advanced Threat Detection on your own? Upload your suspicious file right here.