Track Common Adversary Tasks Performed Using Agent Tesla

To know more about it, you can go through my detailed document by clicking here

Overview

Agent Tesla is an advanced spyware Remote Access Trojan (RAT) written for the .NET Framework that has been active since 2014. Once on an infected machine it steals sensitive information, collecting data such as keystrokes and the login credentials stored by the victim's web browsers and mail clients.

Tactics & Techniques

As stated above, this malware spreads through phishing emails. Once it enters the system it hides itself using various techniques, which makes it difficult to detect before any damage is done. After a successful breach, Agent Tesla harvests information such as browser login credentials, keystrokes and screenshots in order to compromise users' accounts. Its main targets are organizations in the energy, logistics, finance and government sectors, among others.

Prevention

In order to mitigate the risks related to Agent Tesla, we can take the following steps:
  • Anti-Phishing Protection - Since this malware arrives via phishing emails, anti-phishing solutions that analyze and detect malicious content within an isolated environment can stop it before it reaches the user.

  • Content Disarm & Reconstruction (CDR) - CDR filters or sanitizes files before they are allowed into the user's inbox, removing potentially malicious content before it can do harm.

  • Endpoint Detection & Response (EDR) - Because this malware is very difficult to identify before it reveals itself, endpoint security solutions are needed to detect and remove it once it does.

  • Multi-Factor Authentication (MFA) - As we all know by now, MFA makes it nearly impossible for threat actors to make use of any stolen credentials.

  • Zero Trust Access Management - Limiting what each account can reach confines the damage the malware can do through an infected account.

  • User Behavior Monitoring - Regularly monitoring an account's behavior significantly helps in identifying a compromised user account.

  • Employee Security Training - Cybersecurity awareness training is crucial so that employees can identify and respond appropriately during a breach, minimizing the risks related to these attacks.
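The "User Behavior Monitoring" step above is the one that catches Agent Tesla's end goal, the use of stolen credentials, after the malware itself has slipped past the other controls. Below is an added example, written for this page and not taken from the original post or from any product, of what such monitoring looks like in code: it baselines each account's normal sign-in countries, devices and hours from a constructed sign-in log and flags later sign-ins that deviate from that baseline. The log format and field names are assumptions made for the example.

```python
"""Added example (not from the original post): a minimal user-behavior monitor.

It builds a per-account baseline from a learning window of sign-in events
(countries, devices and the range of hours the account normally signs in at)
and flags later sign-ins that deviate from it. The log lines and field layout
below are constructed for this example; they are not any product's schema.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sign-in records: timestamp, account, source country, device id.
SAMPLE_LOG = """\
2024-03-04T08:12:00 alice US WS-ALICE-01
2024-03-04T17:45:00 alice US WS-ALICE-01
2024-03-05T08:03:00 alice US WS-ALICE-01
2024-03-05T09:10:00 bob DE LT-BOB-07
2024-03-05T18:30:00 bob DE LT-BOB-07
2024-03-06T08:20:00 alice US WS-ALICE-01
2024-03-06T09:05:00 bob DE LT-BOB-07
2024-03-06T12:40:00 bob DE LT-BOB-07
2024-03-07T03:27:00 alice RO UNKNOWN-7F3
2024-03-07T08:15:00 alice US WS-ALICE-01
2024-03-07T09:02:00 bob DE LT-BOB-07
2024-03-07T10:30:00 carol FR LT-CAROL-02
"""


def parse_events(text):
    """Parse whitespace-separated sign-in lines into dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, country, device = line.split()
        events.append({"time": datetime.fromisoformat(ts), "account": account,
                       "country": country, "device": device})
    return events


def build_baseline(events, cutoff):
    """Collect what each account looked like before `cutoff` (the learning window)."""
    baseline = defaultdict(lambda: {"countries": set(), "devices": set(), "hours": []})
    for ev in events:
        if ev["time"] < cutoff:
            b = baseline[ev["account"]]
            b["countries"].add(ev["country"])
            b["devices"].add(ev["device"])
            b["hours"].append(ev["time"].hour)
    return baseline


def detect_anomalies(events, cutoff):
    """Flag sign-ins at or after `cutoff` that deviate from the account's baseline."""
    baseline = build_baseline(events, cutoff)
    findings = []
    for ev in events:
        if ev["time"] < cutoff:
            continue
        b = baseline.get(ev["account"])  # .get() does not create a default entry
        if b is None:
            # Never seen during the learning window: cannot judge, but worth a look.
            findings.append({"account": ev["account"], "time": ev["time"].isoformat(),
                             "reasons": ["no baseline for account"]})
            continue
        reasons = []
        if ev["country"] not in b["countries"]:
            reasons.append(f"new country {ev['country']}")
        if ev["device"] not in b["devices"]:
            reasons.append(f"new device {ev['device']}")
        if not (min(b["hours"]) <= ev["time"].hour <= max(b["hours"])):
            reasons.append(f"outside usual hours ({ev['time'].hour:02d}:00)")
        if reasons:
            findings.append({"account": ev["account"], "time": ev["time"].isoformat(),
                             "reasons": reasons})
    return findings


def run_example(cutoff="2024-03-07T00:00:00"):
    """Learn from everything before `cutoff`, then score the sign-ins after it."""
    return detect_anomalies(parse_events(SAMPLE_LOG), datetime.fromisoformat(cutoff))


if __name__ == "__main__":
    for f in run_example():
        print(f"{f['time']} {f['account']}: {', '.join(f['reasons'])}")
```

Running the script flags two of the post-cutoff sign-ins: alice's 03:27 sign-in from a new country on an unknown device, and carol, who has no baseline at all. In production the same logic would run over the identity provider's sign-in logs, and the alerts it raises are exactly where the MFA and zero-trust controls above should already be limiting what a stolen credential can do.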