The Cloud Consultancy Europe Ltd.
+44 (0) 203 637 6667 [email protected]

A ZLoader campaign, promoted through fake TeamViewer ads placed on Google Adwords, implements malware that disables all Microsoft Windows Defender security software modules, according to SentinelOne research.

The attacks are noteworthy for MSPs and MSSPs — many of which may use Google Search to seek out and evaluate remote control software such as TeamViewer to remotely manage customer systems.

The typical infection, according to the SentinelLabs research team at SentinelOne, occurs as follows:

  • A user performs a search on www.google.com to find a website to download software. In this case, SentinelLabs searched for “team viewer download”.
  • The user clicks on an advertisement shown by Google and is redirected to the fake TeamViewer site under the attacker’s control.
  • The user is tricked into downloading the fake software in a signed MSI format.
  • Once the user clicks on the advertisement, it will redirect through the aclk page. This redirect demonstrates the attackers usage of Google Adwords to gain traffic.

ZLoader is a banking trojan that implements web injection to steal cookies, passwords and any sensitive information, SentinelOne says. It has also been used to deliver ransomware families like Egregor and Ryuk, SentinelOne adds.

How to Defend Against Ransomware Attacks

To mitigate the risk of ransomware attacks, the FBI and CISA say you should take these seven steps:

  1. require multi-factor authentication (MFA);
  2. implement network segmentation;
  3. scan for vulnerabilities and keep software updated;
  4. remove unnecessary applications and apply controls — and be sure to investigate any unauthorized software, particularly remote desktop or remote monitoring and management software;
  5. implement endpoint and detection response tools;
  6. limit access to resources over the network, especially by restricting RDP; and
  7. secure user accounts.

 

Source: MSSP Alert

Protect your environment from Ransomware attacks.

Educating yourself and your employees with Cyber Security Awareness Training is the best way to start ensuring your business is protected from cyber-attacks.

Learn more about how The Cloud Consultancy can address and manage your businesses Cyber Security headaches. We can now provision boutique, pro-active, IT support services 24/7/365