Threat of the Week: Sentinel, LaZagne, and Some Phishing

July 20, 2018
Neil Glick
Cybersecurity - Threat of the week Proofpoint

Each week we host a Threat of the Week webinar featuring a high-level look at interesting threats to help security teams navigate the attack landscape. This week, we're going to focus on phishing, RATs, and LaZagne.

Malware like the Sentinel keylogger, together with the related exploit documents sold in underground forums, is often one stage of a multi-stage infection chain. In this case, actors start the process by sending the victim a Microsoft Word document and encouraging them to open it. When the attachment is opened, the victim is asked whether they want to enable macros. The tragedy is that macros can be genuinely useful programs built inside Word, Excel, and the like, but nowadays they seem to bring only bad things.

After the macro is enabled, the Sentinel exploit document goes to work installing a remote access toolkit (RAT). If complete control of your computer wasn’t good enough, the threat actors then install LaZagne, which steals your passwords, and then they reconfigure your firewall to allow easier access to your computer. I’ve heard of unwelcome house guests, but this malware moves in and gets comfortable.
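Because the chain above only starts if the document carries a macro, the simplest defensive check a mail gateway or triage script can make is whether an Office attachment contains a VBA project at all. The following is an added example, not code from the post or from Proofpoint: modern Office files (.docx/.docm/.xlsm/.pptm) are ZIP containers, and a VBA project lives in a member named vbaProject.bin, so the check is a ZIP listing. The sample attachments are constructed inline; the function and file names are the example's own.

```python
import io
import zipfile

# Members that only exist when a document carries VBA code.
MACRO_MEMBERS = ("vbaProject.bin", "vbaData.xml")
# Signature of the legacy OLE2 container (.doc/.xls), which is not a ZIP file.
OLE_SIGNATURE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def build_sample(has_macro: bool) -> bytes:
    """Constructed minimal OOXML container for the demo (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if has_macro:
            # Real .docm files store the compiled VBA project here; the payload
            # bytes are a placeholder, only the member name matters for the check.
            z.writestr("word/vbaProject.bin", b"placeholder-vba-project")
    return buf.getvalue()


def has_vba_project(data: bytes) -> bool:
    """True if an Office Open XML blob contains a VBA project member."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
    except zipfile.BadZipFile:
        return False
    # Compare on the base name so word/, xl/ and ppt/ variants are all caught.
    return any(n.rsplit("/", 1)[-1] in MACRO_MEMBERS for n in names)


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'macro', 'no_macro', 'legacy_ole' or 'not_office' for one attachment."""
    if data.startswith(OLE_SIGNATURE):
        # Legacy binary format: macros are inside OLE streams, not a ZIP, so this
        # check cannot see them. Route to a dedicated OLE parser (e.g. oletools).
        return "legacy_ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not_office"
    return "macro" if has_vba_project(data) else "no_macro"


def triage(attachments: dict) -> list:
    """Names of attachments that should be held for review before delivery."""
    return [
        name
        for name, blob in attachments.items()
        if classify_attachment(name, blob) in ("macro", "legacy_ole")
    ]


if __name__ == "__main__":
    # Constructed inbox: one macro-bearing .docm, one clean .docx, one legacy .doc.
    inbox = {
        "invoice.docm": build_sample(True),
        "agenda.docx": build_sample(False),
        "old_report.doc": OLE_SIGNATURE + b"\x00" * 16,
    }
    for name, blob in inbox.items():
        print(f"{name}: {classify_attachment(name, blob)}")
    print("hold for review:", triage(inbox))
```

Note that the check keys on the ZIP member, not the file extension, so a macro document renamed to .docx is still flagged; legacy .doc/.xls files are held rather than passed, because this ZIP-based check cannot inspect them.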

We also take a closer look at a new phishing campaign focused on Stripe and Square payments. As a vendor, taking payment is a critical portion of your business. Money does make the world go around, does it not?

Stripe and Square are technologies that enable vendors to receive payments from customers. Fake websites with convincing graphics are created to fool victims into entering their credentials. After an error message stating that the credentials were entered incorrectly, the malware sends the victim back to the legitimate site, so the victim is unaware that anything happened. Once credentials are harvested, they can be used or sold later.

Remember, it’s all about the money. And it’s much easier to convince a human to click on a link or open a file than it is to launch a frontal assault on a hardened firewall.

Learn more about these threats and how to best combat them by listening to the full webinar here.