category filters go here

Microsoft Warning on Astaroth Malware

Microsoft has recently issued a security  warning.  Their Windows Defender ATP team have discovered hackers are distributing Astaroth malware using fileless techniques.  This makes Astaroth very difficult to detect as traditional anti-malware or anti-virus software tools search for infected files.  So, they would not catch Astaroth, simply because it does not infect files.    Astaroth malware is spread through a huge spam email campaign.  The emails contain a link to a website, which if you double- clicked, would run legitimate Windows tools.  These are then used to download and communicate additional code, without saving any files.  The attack ends with the Astaroth Trojan being downloaded.  At this point, it would collect sensitive data and upload it to a remote server.   This technique is know as “living off the land” as it uses existing system tools to do all the work.

It’s worth noting that the majority of these attacks are discovered in Brazil and the URL received in the initial email uses some Portuguese terminology ie certida.htm (Portuguese for certificate), abrir_documento.htm (open document), pedido.htm (order).

What can you do to protect your system against attack?

Although challenging to detect, these fileless threats are not invisible. Microsoft advice is to make sure your Windows 10 and Windows Defender Firewall are up to date.

Office 365 users who have Advanced Threat Protection in place, will be relieved to know that it does detect the spam emails, with malicious links, which try to introduce the malware to your system.  However, ATP does not come as standard with Office 365, it is optional additional service, which has a small per user fee.   We strongly recommend all of our IT Support customers have ATP in place.  It is a powerful tool which brings an additional layer of protection to your system.  We always recommend a layered approach to cyber security and ATP is a key element of this.

If you need advice on making sure your system is cyber- secure, contact us today, and one of our Technical Consultants will be in touch to help.

 RedMosquito provide IT Support and IT Security Services thoughout Glasgow, Edinburgh, Scotland and the UK. 


Is outdated technology costing your business money?

Is outdated technology costing your business money?  Unlike fine wine technology does not age well.  The rapid pace of change and short life cycle of some technology can lead many businesses to become overwhelmed with the prospect of change.    Older legacy systems may appear to still function well on the surface but unseen risks will develop below.  It may be tempting to turn a blind eye […]

What is two factor authentication?

For many years now, users have gained access to secure computing services by entering a user name and password.  This common everyday action for all of us, is called single factor authentication. While this approach has worked for a long time, it has now fallen prey to cyber criminals.  The surge in phishing attacks alongside […]

Cyber Essentials and Secure Configuration

  Cyber Essentials Certification requires 5 key cyber security controls to be in place.  This series of articles focuses on each control individually.  Today we are looking at: Secure Configuration  You can find an introduction to Cyber Essentials here. What is secure configuration?  Secure configuration is reached by choosing the most secure settings for your devices and software and managing […]