Research from Juniper Threat Labs on a new Pastebin-like service used in multiple malware campaigns identified several campaigns that rely on that service (paste.nrecom.net) for their infection chain. Attacks start with a phishing email and, when successful, download the next stage of the malware from paste.nrecom.net and load it into memory without writing to disk. The threat actors are using two techniques that make it harder for organizations to defend against their attacks: a) the use of encryption to download the malicious payload, since many organizations either do not have the means to decrypt traffic to inspect its content or cannot do so because of regulation; and b) the use of common online services to hide malicious traffic, because organizations cannot block access to these services outright.
Malicious actors have been evolving rapidly, adopting commercial tools and business models for their own ends, and the recent research from Juniper Threat Labs shows exactly that. By leveraging legitimate web services, attackers make it more difficult for organizations to balance business needs with their own security.
As malicious actors become more sophisticated, organizations are forced to up their own game, improving their processes, tools, and user education, to make it harder for the attackers to get in and reach their targets. For example, tools like multi-factor authentication can thwart account compromise, while advanced behavioral analytics can identify and stop attacks that breach the perimeter.
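
One way to act on the two techniques described in the first paragraph without decrypting or blocking anything, as an added example that is not from Juniper Threat Labs or the original commentary: match the destination host name against a watch list and alert when the initiating process is not a browser. The log format, the browser allow list and the sample rows are constructed assumptions.

```python
import csv
import io

# Hosts to watch rather than block; paste.nrecom.net is the service named above.
PASTE_HOSTS = {"paste.nrecom.net"}
# Assumption: the only processes expected to browse the web on this fleet.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample telemetry (not from the research): TLS server name joined
# with the initiating process, as an endpoint agent or proxy might export it.
SAMPLE = """ts,host,process,sni,bytes_in
2024-01-01T09:12:01Z,ws-014,chrome.exe,paste.nrecom.net,18230
2024-01-01T09:14:44Z,ws-022,powershell.exe,paste.nrecom.net,412877
2024-01-01T09:15:02Z,ws-022,chrome.exe,example.com,9921
2024-01-01T09:20:10Z,ws-031,winword.exe,PASTE.NRECOM.NET.,230114
2024-01-01T09:21:37Z,ws-031,outlook.exe,mail.example.com,5100
"""


def normalize(name):
    """Lower-case and drop a trailing dot so FQDN variants compare equal."""
    return name.strip().lower().rstrip(".")


def is_paste_host(sni):
    """True for a watched host or any subdomain of it."""
    h = normalize(sni)
    return any(h == p or h.endswith("." + p) for p in PASTE_HOSTS)


def find_suspicious(log_text):
    """Return (ts, host, process, sni) where a non-browser reached a paste host."""
    alerts = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if is_paste_host(row["sni"]) and row["process"].lower() not in BROWSERS:
            alerts.append((row["ts"], row["host"], row["process"],
                           normalize(row["sni"])))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE):
        print("ALERT", *alert)
```

A browser visit to the paste service stays quiet, so the service remains usable while script hosts and document editors fetching from it are surfaced for review.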