Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    GreyEnergy Malware Spreads Through Phishing Emails

    GreyEnergy

    The GreyEnergy APT primarily uses phishing emails as its initial infection method, according to analysis by Nozomi Networks. The malware has been targeting industrial control systems in Ukraine and Eastern Europe for years, and uses tools that allow it to avoid detection within networks for extended periods of time.

    According to Alessandro Di Pinto, a security researcher at Nozomi Networks, the phishing emails contain a Word document that asks victims to “Enable Content.” Once this button is clicked, the malware begins its execution.

    The malware sample analyzed by Di Pinto was likely used for espionage campaigns rather than infecting industrial control systems. While malicious Word documents are a common mode of infection in attack campaigns, Di Pinto says that, in this case, the sophistication of the malware makes it stand out.

    “Having completed my analysis, it’s evident that the GreyEnergy packer does a great job of slowing down the reverse engineering process. The techniques used are not new, but both the tools and the tactics employed were wisely selected. For example, the threat actor chose to implement custom algorithms that are not too difficult to defeat, but they are hard enough to protect the malicious payload. Additionally, the broad use of anti-forensic techniques, such as the wiping of in-memory strings, underline the attacker’s attempt to stay stealthy and have the infection go unnoticed.”

    All of this takes place after a victim enables macros in the malicious Word document. The vast majority of security breaches start with phishing attacks because attackers know that phishing is as effective as it is easy to carry out.

    If just one employee falls for a scam, attackers can gain a foothold within the network. New-school, interactive security awareness training is an essential tool for organizations to give their employees the ability to identify phishing emails.

    KnowBe4's platform allows you to send simulated phishing attacks with Office documents attached, and you can see if an employee clicks on the "enable content" button, allowing malicious macros to execute. Infosecurity Magazine has the story: https://www.infosecurity-magazine.com/news/phishing-used-to-launch/

    Find out how affordable new-school security awareness training is for your organization. Get a quote now.

     
    Get A Quote
    Request A Demo
     

     

    Return To KnowBe4 Security Blog

    Topics: Phishing, Security Awareness Training

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews