
Notorious cybercrime gang targeting Google Apps for C&C attacks

26 Jan 2017

Cybercrime gang “Carbanak” is now using Google infrastructure as a Command and Control (C&C) channel for weaponized documents, according to Forcepoint Security Labs.

Lab researchers found a trojanized RTF document that includes an encoded Visual Basic Script (VBScript), called the ‘ggldr’ script, that looks typical of Carbanak malware.

The new attack method infects users with a script that sends and receives commands to and from Google Apps Script, Google Sheets and Google Forms.

Forcepoint says that it’s unlikely that organisations block these Google services by default, so attackers can easily establish a C&C – essentially hiding in plain sight.

“The Carbanak actors continue to look for stealth techniques to evade detection. Using Google as an independent C&C channel is likely to be more successful than using newly created domains or domains with no reputation,” says Nicholas Griffin on the company’s blog.

The company says it has informed Google of the abuse and they have been working together to share more information. Forcepoint is also monitoring Carbanak’s activities.

The Carbanak gang was first discovered in 2015. They typically use targeted malware attacks to steal from financial institutions, but they have been branching out into distributing malware through weaponized office documents hosted on mirrored domains.
