Track Common Adversary Tasks Performed Using AutoIt backdoor
To know more about it, you can go through my detailed document by clicking here
Overview
The AutoIt backdoor is malware used extensively by the threat actors behind the MONSOON campaign, delivered through weaponized .pps files that exploit CVE-2014-6352. It is written in AutoIt, the legitimate scripting language of the same name that is used for Windows GUI automation.
How Does It Work?
Once launched, the AutoIt script first installs itself by creating a copy of its own file in the same directory, and it establishes persistence by adding a shortcut to the Startup directory. The malware then installs hidden copies of itself on every removable drive connected to the infected system, so that it spreads to other machines as well. These tactics and techniques make it a significant threat, especially to companies where removable media is used frequently in the workplace; such companies must practice regular security hygiene.
Prevention
The following measures will help secure your network effectively:
- Restrict and secure the use of removable media, USB functionality, and tools like PowerShell.
- Monitor the network, servers, gateways, etc. for anomalous behaviour and for indicators such as C&C communication or information leakage.
- Endpoint security products with device-control features can also be used to block access to USB and optical drives, helping to eliminate this type of threat at the source.
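The two behaviours described above (a persistence shortcut in the Startup directory and hidden copies dropped on removable drives) can be checked for from a defender's console. The following PowerShell script is an added example and is not part of the original post; it assumes the standard Startup folder locations and that removable drives enumerate as WMI DriveType 2, and simply reports suspicious entries for an analyst to review rather than deleting anything.

```powershell
# Added example (not from the original post): hunt for the AutoIt backdoor's two
# observable traits, a Startup-folder shortcut and hidden executables on removable media.
$shell = New-Object -ComObject WScript.Shell
$findings = @()

# 1. Startup-folder shortcuts: resolve each .lnk and flag targets that invoke the
#    AutoIt interpreter or an AutoIt script (.a3x), or that live in user-writable paths.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)
foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -Filter '*.lnk' -File -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk    = $shell.CreateShortcut($_.FullName)
        $target = [string]$lnk.TargetPath
        $args   = [string]$lnk.Arguments
        $suspicious = ($target -match 'autoit') -or
                      ($target -match '\.a3x$') -or ($args -match '\.a3x') -or
                      ($target -match '\\(AppData|Temp|Users\\Public)\\')
        if ($suspicious) {
            $findings += [pscustomobject]@{
                Type = 'StartupShortcut'; Location = $_.FullName
                Detail = "target='$target' args='$args'"
            }
        }
    }
}

# 2. Removable drives (DriveType 2): list hidden executables/scripts at the drive root,
#    which is where the backdoor plants its copies.
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
    Get-ChildItem -Path ($_.DeviceID + '\') -Force -File -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
                       ($_.Extension -in '.exe', '.a3x', '.lnk', '.scr') } |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Type = 'HiddenRemovableFile'; Location = $_.FullName
                Detail = "size=$($_.Length) modified=$($_.LastWriteTime)"
            }
        }
}

if ($findings.Count -eq 0) { 'No suspicious Startup shortcuts or hidden removable-drive files found.' }
else { $findings | Format-Table -AutoSize }
```

Run it in an elevated session so that the all-users Startup folder and every removable volume are readable; each finding is a lead to triage, not a verdict.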