There continues to be a lot of focus on ransomware and how it continues to infiltrate companies and institutions. But ignoring “good old-fashioned malware” — a catch-all term for a huge grab-bag of nasty stuff, including viruses, Trojans, spyware, worms, and more — can come at a price.
“With IT staffs being thin on company rosters and at MSPs, sometimes the resources get deployed to fend off ransomware or insider threats when there are still other threats that need to be monitored,” says Cecil Craig, a cybersecurity analyst in Phoenix.
Among those “other threats” are a variety of payloads. “And anecdotally, it seems like hackers are ramping up their efforts to breach systems using a variety of different techniques,” Craig says.
A round-up of recent headline-grabbing, non-ransomware malware incidents include:
Nullmixer: A new malware dropper that is infecting Windows devices with a dozen different malware families simultaneously through fake software cracks promoted on malicious sites in Google Search results. NullMixer acts as an infection funnel, using a single Windows executable to launch a dozen different malware families, leading to over two dozen infections running a single device.
“Malware like Nullmixer gives hackers a one-stop shop of sorts to deploy which can include password-stealing, and spyware,” Craig says. It can also drop Trojans, backdoors, spyware, bankers, fake Windows system cleaners, clipboard hijackers, and cryptocurrency miners according to published reports.
Chaos: An internet-of-things (IoT) malware that is making the rounds and targeting certain verticals, including the financial services industry. Cybercriminals are using Google’s Go programming language to zero in on certain IoT devices.
According to ZDNet, Chaos exploits known but unpatched vulnerabilities in firewall devices to gain a foothold in a network. These include critical remote code execution flaws affecting Huawei’s HG532 wireless routers for homes and small businesses (CVE-2017-17215) and a newer flaw in Zyxel’s routers (CVE-2022-30525).
“And this just an illustration of the IoT ecosystem as a whole. It represents a real weak spot in so many systems. MSPs need to remain vigilant in protecting and securing IoT entry points,” Craig says.
Erbium: “A serious threat” is what one analyst calls this new malware.
Laptop Magazine describes Erbium as “a data and information-stealing tool that targets your passwords, credit cards, cookies, cryptocurrency wallets, and possibly more. Due to its rapid spread and availability, it could be adapted in the future to infect users in new ways.”
PowerPoint Malware: Bleeping Computer has reported that hackers thought to be working for Russia have started using PowerPoint as a means of distributing malware.
“Like the hackers hiding malware in the Microsoft logo, this is another example of hackers trading in on the good name of a brand. Most people trust Power Point and wouldn’t think of it as a vehicle for delivering malware and that is where hackers leverage their skills,” Craig says.
The malware distribution comes from the movement of the mouse in the Microsoft PowerPoint presentations to trigger a malicious PowerShell script.
Government Jobs: TechRadar reports that cybercriminals are preying on job seekers in the United States and New Zealand to distribute Cobalt Strike beacons, but also other viruses and malware as well. Per Tech Radar:
Researchers from Cisco Talos claim an unknown threat actor is sending out multiple phishing lures via email, assuming the identity of the US Office of Personnel Management (OPM), as well as the New Zealand Public Service Association (PSA).
The email invites the victim to download and run an attached Word document, claiming it holds more details about the job opportunity.
“While not everyone who is searching for a job is desperate, a job-seeker might be focused on other things and be more easily fooled by something they might not be at another time,” Craig says. He says MSPs need to be holistic in their security approach, cast a wide net, and be on the look-out for all vulnerabilities.
“You may have successfully fended off a ransomware attack, but other attacks can be just as devastating and if you aren’t looking for them all, you are undermining your own effectiveness,” Craig says.
Kevin Williams is a journalist based in Ohio. Williams has written for a variety of publications including the Washington Post, New York Times, USA Today, Wall Street Journal, National Geographic and others. He first wrote about the online world in its nascent stages for the now defunct “Online Access” Magazine in the mid-90s.