Russian hackers are back at it. This time with a new malicious software that is, once again, so stealthy you won’t even know it’s there. If you’ve kept up with the news, or read our blog before, you will have heard of the Russian hacking group “Fancy Bear”. In October 2018 they made headlines with malware that was termed LoJax; it embedded itself into the firmware of a computer and became hard to find, and harder to remove once there. This time, it is believed that they’re back with a new malware named “Cannon” by the Cybersecurity firm, Palo Alto Networks.
What is Cannon?
According to the firm, “In late October and early November 2018, Unit 42 intercepted a series of weaponized documents that used a technique to load remote templates containing a malicious macro. These types of weaponized documents are not uncommon but are more difficult to identify as malicious by automated analysis systems due to their modular nature.”
The Cannon attack (like many) started with a phishing email, but with this attack the emails contained a Microsoft Word document. The malware was hard to detect by security software because there was no malicious content within it. Once the document was opened and the user “enabled content”, however, the document downloaded a remote template that contained the malicious code. It would then install two programs, one of them Cannon, all behind the scenes and unknown to the user. Once installed, the program could send information from the machine and possibly receive more malicious software to install on the device.
News of this malware comes less than 1 week after Reuters reported that Russians were “impersonating U.S. State Department employees in an operation aimed at infecting computers of U.S government agencies, think tanks, and businesses”. In this attack, emails were sent that encouraged the recipient to download malicious documents, allegedly from a State Department Official. Once access was granted by the recipient of the document opening it, the hacker would have access to their systems. The suspect of these attacks is a group known as APT29 who work for SVR Russian Foreign Intelligence.
Disasters like these can’t always be prevented. Like we are seeing with the Cannon attack, there was nothing malicious in the documents, which made it difficult for security software to detect. Now that Palo Alto Networks is aware of the malware and has published what they know, security software can more accurately detect it. As far as prevention goes, all that can really be done is to keep security software up to date. Beyond that, train your employees to ensure that they are aware of security protocols, and that they know to never open an email from an unknown or untrusted sender. Employees are the first line of defense, and security software is the failsafe to hopefully detect the malware before it infects that device, or possibly your whole network of devices.
Security today seems unattainable but is more important now than ever. To protect your business from a complete disaster you should partner with a fully-managed Disaster Recovery as a Service (DRaaS) provider. A reputable DRaaS provider can’t guarantee that your business won’t get struck by disaster, or attack, but it will keep your data safe by maintaining backups should a disaster strike. And unfortunately, these days a disaster is likely to strike your business at some point. Whether it’s malware, ransomware, Mother Nature (power outages cost more than $150 billion annually to the United States economy), or human error, one could strike at any moment, and from any direction.
Are you looking to protect critical data? At DSM, Florida’s predictable cloud provider, we make sure that our clients data remains safe from any threat. If you have questions about cybersecurity and how we can protect your business, reach out. With the increase in malicious and accidental data disasters, make sure that you are prepared for the worst.