Research from Juniper Threat Labs, "New Pastebin-like service used in multiple malware campaigns", identified several malware campaigns that rely on a Pastebin-like service (paste.nrecom.net) for their infection chain. Attacks start with a phishing email and, when successful, download the next stage of the malware from paste.nrecom.net and load it into memory without writing it to disk. The threat actors use two techniques that make it harder for organizations to defend against these attacks: a) encryption to download the malicious payload, since many organizations either lack the means to decrypt traffic and inspect its content or cannot do so because of regulation; and b) common online services to hide malicious traffic, because organizations cannot block access to these services outright.
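When the download is encrypted and the service cannot be blocked, a defender can still alert on metadata, such as which endpoint process resolved the paste host. The sketch below is an added example, not code from Juniper Threat Labs or from this post; the log layout, the browser allowlist and the extra pastebin.com entry are assumptions, and the log lines are constructed.

```python
import csv
import io

# Paste-style hosts to watch. paste.nrecom.net is the one named in the research;
# pastebin.com is added as an assumption to show the list is meant to be extended.
PASTE_HOSTS = {"paste.nrecom.net", "pastebin.com"}

# Processes expected to reach paste sites on a user's behalf (assumed allowlist).
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample: host, process image, DNS query name (fields modelled on
# what endpoint DNS telemetry such as Sysmon event ID 22 records).
SAMPLE_LOG = """\
host,image,query
wks-014,C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,pastebin.com
wks-022,C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe,paste.nrecom.net
wks-022,C:\\Windows\\System32\\svchost.exe,www.example.com
wks-031,C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE,PASTE.NRECOM.NET.
wks-040,C:\\Program Files\\Mozilla Firefox\\firefox.exe,paste.nrecom.net
"""


def is_paste_host(query):
    """Match the host itself or any subdomain, ignoring case and a trailing dot."""
    name = query.strip().rstrip(".").lower()
    return any(name == h or name.endswith("." + h) for h in PASTE_HOSTS)


def process_name(image):
    """Basename of a Windows image path, lower-cased."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_suspicious_lookups(log_text):
    """Return (host, process, query) for paste lookups made by non-browsers."""
    alerts = []
    for row in csv.DictReader(io.StringIO(log_text)):
        proc = process_name(row["image"])
        if is_paste_host(row["query"]) and proc not in BROWSERS:
            alerts.append((row["host"], proc, row["query"].rstrip(".").lower()))
    return alerts


if __name__ == "__main__":
    for host, proc, query in find_suspicious_lookups(SAMPLE_LOG):
        print(f"ALERT {host}: {proc} resolved {query}")
```

Browser lookups of the same host are left alone, which keeps the service usable while surfacing script hosts and document editors that have no routine reason to fetch pastes.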
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.