Watch Out! Cybersecurity and Infrastructure Security Agency Warn of New VBA Attack Designed to Deploy KONNI Remote Administration Tool

malware attack warning A new alert from CISA outlines just how dangerous and intrusive the KONNI malware is in organizations that fall for phishing attacks using Word attachments with malicious VBA code.

The latest warning from the U.S. governments Cybersecurity and Infrastructure Security Agency (CISA) should have you worried. New phishing attacks are deploying KONNI malware – a remote administration tool that performs a number of very valuable and malicious functions once installed that include:

  • Establishes persistence on infected endpoints
  • Bypasses Windows’ User Account Control “AlwaysNotify” setting when elevated permissions are used
  • Collects data about the username, machine name, IP address, and keystrokes of the user (which will eventually include passwords)
  • Steals profile and credentials from web browsers
  • Takes screenshots
  • Has its own FTP service to exfiltrate collected data
  • Uses HTTP for remote command and control

Once this RAT hits your network, the bad guys know everything about the infected machine and user. And because they have the ability to launch commands locally, there is little the RAT can’t do that the user can.

Organizations need to be seriously worried about attacks involving KONNI; the possibilities of how the collected data could be misused are massive. The data collected provides contextual details that can be used in social engineering attacks, email addresses impersonate those the compromised user commonly interacts with, and access to internal systems.

You can’t possibly read about KONNI and not worry. Organizations need to implement Security Awareness Training to stop phishing attacks that use malicious attachments just like KONNI does by teaching users to see the attacks for what they truly are, and to not fall for their conniving scams.

Request A Demo: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Request a Demo!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews