Expert Comments

U.S. Govt Agency Hit With New CARROTBALL Malware Dropper

Expert(s): Security Experts
Expert(s): Security Experts

A new malware called CARROTBALL, used as a second-stage payload in targeted attacks, was distributed in phishing email attachments delivered to a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea.

CARROTBALL came in a Microsoft Word document acting as a lure for the target, from a Russian email address. The topic was geopolitical relations issues regarding North Korea, Bleeping Computer reported.

Experts Comments

January 27, 2020
Erich Kron
Security Awareness Advocate
KnowBe4
Spear phishing has long been a tool of adversaries and cyber criminals, and a very effective one at that. This type of an attack is no surprise, however it is obvious that the attackers have a very focused audience in this case. We have seen similar attacks where the phishing email was sent in a foreign language along with a convenient link to translate it, which was actually a link to an infected site. These types of attacks are very effective against those who expect to see foreign themed.....Read More
Spear phishing has long been a tool of adversaries and cyber criminals, and a very effective one at that. This type of an attack is no surprise, however it is obvious that the attackers have a very focused audience in this case. We have seen similar attacks where the phishing email was sent in a foreign language along with a convenient link to translate it, which was actually a link to an infected site. These types of attacks are very effective against those who expect to see foreign themed messages due to the nature of their work. This is why educating people on how to hover over links in emails in order to find their real destination and how to spot the other red flags in phishing emails have never been more important. The use of FTP as a command and control channel reinforces the need to not only filter incoming internet traffic at the firewalls, but also limit and monitor outbound traffic to required services. FTP is a protocol that is not need by a majority of people, yet allows command and control channels as in this case, or more commonly, data exfiltration.  Read Less
January 27, 2020
Richard Bejtlich
Principal Security Strategist
Corelight
Because of the protocols used in this campaign, network security monitoring practitioners have a chance to gather the evidence they need to detect and respond to individual attacks. The intruders used file transfer protocol to transfer files that are executed as commands on victim systems. Because some network traffic analysis and monitoring systems log and parse FTP, and can extract the files transferred, defenders can leverage network forensics to identify the scope and nature of this.....Read More
Because of the protocols used in this campaign, network security monitoring practitioners have a chance to gather the evidence they need to detect and respond to individual attacks. The intruders used file transfer protocol to transfer files that are executed as commands on victim systems. Because some network traffic analysis and monitoring systems log and parse FTP, and can extract the files transferred, defenders can leverage network forensics to identify the scope and nature of this activity.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Data Hacked For 400,000 LA Patients

IKEA Suffering Ongoing “Reply-Chain” Email Attack

Cybersecurity Expert Reaction On UK’s Financial Regulator Scraps 90-day Authentication...

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Panasonic Becomes Latest Victim Of Data Breach – Security Expert...

Clearview’s £17 Million Fine For Processing 10+ Billion Images Is...

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts