Security researchers became aware of a new variant of Adwind jRAT, a remote access Trojan written in Java that takes control of a user's machine and collects data from it, notably login credentials. Malware that relies on common Java functionality is notoriously difficult to detect or detonate in a sandbox, for the simple reason that Java is so widespread on the web. Any effort to block or limit Java outright would break much of the internet, a non-starter for users who increasingly rely on rich web apps and SaaS platforms for their day-to-day responsibilities.
New jRAT/Adwind variant sends normal JAVA commands to appear legitimate https://t.co/gMFkcOHwI4
— Virus Bulletin (@virusbtn) October 30, 2019
The only way to identify and block this sort of attack quickly is to use behaviour analytics to detect the anomalous behaviour, combined with automation and orchestration to block the offending transactions or traffic flow automatically.
When attackers manage to hijack legitimate access rights, they can remain undetected for extended periods of time. Many organisations lack the ability to identify the subtle behavioural anomalies that indicate a cyber threat. With advanced machine learning algorithms, however, it is possible to spot behaviour that falls outside the range of normal activity and intervene before the damage is done.
Behaviour analytics lets businesses identify and remediate threats quickly while they search for the compromised account(s) or machines.
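As an added illustration of the behavioural approach described above (this is example code, not from the original article or any vendor product), a toy baseline over constructed endpoint telemetry: it learns which directories Java normally runs from, which processes normally launch it and which destinations it normally talks to, then flags Java activity outside that learned range. The `Event` fields, hostnames, paths and the IP address are all assumptions.

```python
from collections import namedtuple
from pathlib import PureWindowsPath

Event = namedtuple("Event", "host user image parent dest")
JAVA_NAMES = {"java.exe", "javaw.exe"}
JRE = r"C:\Program Files\Java\jre1.8.0_221\bin\javaw.exe"  # constructed path

# Constructed training-window telemetry: what Java normally looks like in this fleet.
BASELINE = [
    Event("ws01", "alice", JRE, "explorer.exe", "intranet-app.corp.example"),
    Event("ws02", "bob", JRE, "explorer.exe", "intranet-app.corp.example"),
]

# Constructed live telemetry to score against that baseline.
LIVE = [
    Event("ws01", "alice", JRE, "explorer.exe", "intranet-app.corp.example"),  # normal
    Event("ws01", "alice", JRE, "winword.exe", "203.0.113.45"),  # Java launched by Office, new destination
    Event("ws02", "bob", r"C:\Users\bob\AppData\Local\Temp\javaw.exe", "explorer.exe", "intranet-app.corp.example"),  # Java copied to Temp
    Event("ws03", "carol", r"C:\Program Files\Google\Chrome\chrome.exe", "explorer.exe", "203.0.113.45"),  # not Java, ignored
]

def is_java(event):
    return PureWindowsPath(event.image).name.lower() in JAVA_NAMES

def build_baseline(events):
    """Learn the install dirs, parent processes and destinations Java normally uses."""
    base = {"dirs": set(), "parents": set(), "dests": set()}
    for e in events:
        if is_java(e):
            base["dirs"].add(str(PureWindowsPath(e.image).parent).lower())
            base["parents"].add(e.parent.lower())
            base["dests"].add(e.dest)
    return base

def anomalies(baseline, event):
    """List the ways a Java event departs from the learned baseline (empty = normal)."""
    if not is_java(event):
        return []
    reasons = []
    if str(PureWindowsPath(event.image).parent).lower() not in baseline["dirs"]:
        reasons.append("java binary outside known install directories")
    if event.parent.lower() not in baseline["parents"]:
        reasons.append(f"unusual parent process {event.parent}")
    if event.dest not in baseline["dests"]:
        reasons.append(f"first-seen destination {event.dest}")
    return reasons

def detect(baseline, events):
    """Return (event, reasons) for every Java event that falls outside the baseline."""
    return [(e, r) for e in events if (r := anomalies(baseline, e))]
```

Running `detect(build_baseline(BASELINE), LIVE)` flags the Office-spawned Java process (two reasons) and the copy of javaw.exe running from Temp, while the ordinary Java session and the browser event are left alone.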
The best defence against malware delivered via email and web is a combination of education and technology. An email gateway technology should always be in place. Organisations should start with their email provider and work from there.
Per-device firewalls and malware detection tools can eliminate threats that make it past the first line. Employing password managers and enforcing multi-factor authentication can also slow down an attacker who manages to obtain credentials.
Furthermore, running a malware scan will pick up known malware. The scanning tool must be maintained and updated to keep providing the most secure web presence. Many malware families successfully use masking and obfuscation to avoid detection, so logging and monitoring, as well as regular scanning, may be required to detect and eliminate the threat.
If you can't disable Java, providing comprehensive security training to employees can significantly reduce the risk of a successful infection. Training people to interact only with PDFs and emails they are expecting is the first and possibly most comprehensive way to block threats arriving through that avenue.