This Stealthy Hacking Campaign Uses a New Trick to Deliver Its Malware

Just when you thought data security couldn’t get more complicated, hackers are now using a newer, even more sophisticated method for accessing data with malware. Symantec has recently uncovered a never-before-documented dropper used to install malware. A dropper is simply a helper-type program that stays under the radar and facilitates the installation of malware.

How it Works 

Symantec is calling the group linked to the threat “Cranefly” and dubbing the malware “Geppei.” Geppei works by reading commands from what seems like a harmless Internet Information Services (IIS) log.

IIS logs are part of Windows servers and are typically used for troubleshooting problems with website applications. Geppei installs another piece of backdoor malware and other tools to tap into data on the IIS server. According to investigators, they’ve never before seen attacks that abuse IIS logs.

How the attack starts is still being investigated. However, victims are becoming infected with this new form of malware, which is then used to deliver another form of malware that covertly accesses machines and reads commands from a legitimate IIS log.   

The hackers can then send their own commands to the web server, disguised as actual, legitimate requests. IIS logs them as “normal” requests, and the malware reads them from the log as commands. Yet these requests contain malicious encoded files, which are then saved in folders, where they operate as backdoors.
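A defender's view of the mechanism described above, as an added example that is not from Symantec's report or the original post: it parses an IIS W3C log and flags client-supplied fields that carry long, encoded-looking strings. The sample log, the length and entropy thresholds, and the function names are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Constructed IIS W3C extended log sample (not from a real incident).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2022-11-01 10:00:01 GET /index.aspx id=42&lang=en 203.0.113.10 Mozilla/5.0 200
2022-11-01 10:00:05 GET /images/logo.png - 203.0.113.11 Mozilla/5.0 200
2022-11-01 10:00:09 GET /default.aspx q=Q29uc3RydWN0ZWRTYW1wbGVQYXlsb2FkRm9yRGV0ZWN0aW9uVGVzdGluZ09ubHk= 198.51.100.7 Mozilla/5.0 404
"""

# A long run of base64-alphabet characters (assumed threshold: 40 or more).
TOKEN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def entropy(s):
    """Shannon entropy of s in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def suspicious_requests(log_text, min_entropy=4.0):
    """Return (line_no, client_ip, field, token) for encoded-looking client input."""
    fields, hits = [], []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the field list can change mid-file
            continue
        if line.startswith("#") or not line.strip():
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated row
        row = dict(zip(fields, values))
        for name, value in row.items():
            if not name.startswith("cs"):  # only client-to-server fields
                continue
            for match in TOKEN.finditer(value):
                if entropy(match.group()) >= min_entropy:
                    hits.append((line_no, row.get("c-ip", "-"), name, match.group()))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Both thresholds need tuning against a site's normal traffic, since legitimate applications also pass long tokens in URLs.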

The hackers can spend all the time in the world inside the networks of the victims – all without ever being detected. They take steps, including installing backdoors on appliances like wireless access point controllers, to ensure they remain undetected and are able to continue to gather data and intelligence.   

What You Can Do 

The creation of Geppei, a custom malware tool, brings the skill of hackers to a new level. As a result, it poses a danger to any organization with sensitive data that needs to be protected.

To ensure your company isn’t at risk, be sure to adopt a cybersecurity strategy that is multi-layered with detection and protection technologies. 

To keep records safe, turn to a company like Happy Faces Records Management. We can keep your most important documents protected from prying eyes and in compliance with government regulations.  

We also offer scanning and document destruction services to make it simple to keep data secure – all without worry. Contact us today to get started.  
