
Notorious cybercrime gang targeting Google Apps for C&C attacks

26 Jan 2017

Cybercrime gang “Carbanak” is now using Google infrastructure to act as a Command and Control (C&C) for weaponized documents, according to Forcepoint Security Labs.

Lab researchers found a trojanized RTF document that includes an encoded Visual Basic Script (VBScript), called the ‘ggldr’ script, that looks typical of Carbanak malware.

The new attack method infects users through a script that sends commands to, and receives commands from, Google Apps Script, Google Sheets and Google Forms.

Forcepoint says that it’s unlikely that organisations block these Google services by default, so attackers can easily establish a C&C – essentially hiding in plain sight.

“The Carbanak actors continue to look for stealth techniques to evade detection. Using Google as an independent C&C channel is likely to be more successful than using newly created domains or domains with no reputation,” says Nicholas Griffin on the company’s blog.

The company says it has informed Google of the abuse and they have been working together to share more information. Forcepoint is also monitoring Carbanak’s activities.

The Carbanak gang was first discovered in 2015. They typically use targeted malware attacks to steal from financial institutions, but they have been branching out into distributing malware through weaponized office documents hosted on mirrored domains.
