Law firms are being targeted by a large number of social engineering attacks involving the Gootloader malware delivery tool, according to researchers at Trustwave.
“Recently, we’ve seen a noticeable surge in malware cases linked to a malicious payload delivery system known as Gootloader,” the researchers write. “The group behind this malware is believed to operate a malware-as-a-service operation, exclusively providing a malware delivery service for other threat actors. This malware has gained notoriety due to its exploitation of compromised WordPress sites for malware distribution and its utilization of SEO (Search Engine Optimization) poisoning techniques to achieve high rankings in web search results.”
Trustwave found that 46% of these attacks are against law firms, due to the attackers’ tendency to use legal documents as bait.
“We collected a bunch of search queries that lead to the compromised websites and identified the keywords utilized by this malware group, revealing a predominant SEO keyword focus on legal documents such as ‘agreements,’ ‘contracts,’ and ‘forms,’” the researchers write. “This watering hole strategy theme appears to be successful - most cases we receive related to this malware are from our clients in law offices and legal firms. These are some of the SEO search terms utilized in this campaign. While the majority of the keywords are in English, the campaign also targets the French, Spanish, Portuguese, German, and South Korean languages.”
Gootloader is installed after a user is tricked into visiting one of the malicious sites and downloading a document.
“When visiting a poisoned link from the search engine result, the user will be directed to a page that mimics a forum,” Trustwave says. “This fake forum page employs social engineering tactics to entice the user to click on a direct download link for the desired document file. As the compromised WordPress website is under the control of malicious actors, a cloaking mechanism is employed to prevent loading for non-target users like security researchers and other prying eyes.”
New-school security awareness training can teach your employees how to thwart social engineering tactics.