A new version of the Nymaim malware family targets high-level managers with attached malicious Word documents and drops ransomware and banking trojans.
The cyber research team at Verint posted that this new version has upgraded its code to keep security tools from locating it and uses more advanced delivery methods.
The Nymaim family originally surfaced in 2013 and has consistently evaded security teams by morphing its code. It went quiet for a time while its developers built a new version, but over the past six months it has resurfaced stronger than ever, with a 63 percent rise in attacks over 2015.
This most recent version offers brand-new features, particularly new delivery mechanisms, obfuscation strategies, and the use of PowerShell. Its new blacklisting technique observes how the targeted computer communicates with the internet and then checks the query results for the names of popular security products. Technical background details are at: http://cyber.verint.com/nymaim-malware-variant/
What To Do About It
A prevention strategy for this threat is to blacklist the IPs contacted by this malware at the firewall and the URLs at the proxy level, provided your network supports this kind of filtering. Next, have good endpoint protection with anti-phishing and web-control capabilities, keep it all up to date, and of course step all employees through new-school security awareness training.
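To show what the firewall/proxy blacklisting above looks like in practice, here is an added example (not code from Verint or the original post) that checks proxy log lines against an IP and hostname block-list. The indicators, the log format and the `scan_proxy_log` helper are all constructed placeholders; real Nymaim indicators would come from the Verint report.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed placeholder block-list (RFC 5737 / reserved names), NOT real Nymaim IoCs.
BLOCKED_IPS = {"203.0.113.10", "198.51.100.7"}             # firewall-level IP block-list
BLOCKED_HOSTS = {"bad-example.invalid", "c2.example.net"}  # proxy-level URL/host block-list


def host_from_url(url: str) -> str:
    """Return the lowercase hostname of a URL without port, userinfo or trailing dot."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower().rstrip(".")


def is_blocked_ip(addr: str) -> bool:
    """True if addr parses as an IP address that is on the block-list."""
    try:
        return str(ipaddress.ip_address(addr)) in BLOCKED_IPS
    except ValueError:
        return False


def is_blocked_host(host: str) -> bool:
    """True if host equals a blocked name or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in BLOCKED_HOSTS)


def scan_proxy_log(lines):
    """Return (client, url, reason) for every line that hits the block-list.
    Assumed (constructed) line layout: '<timestamp> <client_ip> <dest_ip> <url>'."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:          # skip malformed lines instead of crashing
            continue
        client, dest_ip, url = fields[1], fields[2], fields[3]
        host = host_from_url(url)
        if is_blocked_ip(dest_ip):
            hits.append((client, url, "ip:" + dest_ip))
        elif is_blocked_host(host) or is_blocked_ip(host):
            hits.append((client, url, "host:" + host))
    return hits


# Constructed sample log: one benign line, three hits, one malformed line.
SAMPLE_LOG = [
    "2016-09-01T10:00:01 10.0.0.5 93.184.216.34 http://example.com/index.html",
    "2016-09-01T10:00:03 10.0.0.5 203.0.113.10 http://203.0.113.10/gate.php",
    "2016-09-01T10:00:07 10.0.0.9 198.18.0.1 http://update.c2.example.net:8080/cfg",
    "2016-09-01T10:00:09 10.0.0.9 198.18.0.2 https://bad-example.invalid./x",
    "malformed line",
]
```

Matching on the normalized hostname (port stripped, subdomains included) is what makes a proxy-level block-list catch variants of the same domain that a plain string compare would miss.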
Preventing employees from falling for these types of social engineering attacks is a critical piece of your defense-in-depth. See how thousands of organizations create a "human firewall" that stands between you and a ransomware infection. Get a demo and see how this will drop your support tickets. And then find out how incredibly affordable the subscription is!