Research from Juniper Threat Labs, "New Pastebin-like service used in multiple malware campaigns", identified several malware campaigns that rely on a Pastebin-like service (paste.nrecom.net) for their infection chain. Attacks start with a phishing email and, when successful, download the next stage of the malware from paste.nrecom.net and load it into memory without writing to disk. The threat actors use two techniques that make it harder for organizations to defend against their attacks: a) encryption to download the malicious payload (many organizations either do not have the means to decrypt traffic to inspect its content or cannot do so because of regulation); and b) common online services to hide malicious traffic, because organizations cannot block outright access to these services.
New Pastebin-like service used in multiple malware campaigns – Expert comments
Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics