Mylobot is the name given to a new malware strain that appears to be targeting enterprise servers across the United States. According to information security firm Deep Instinct, Mylobot has the characteristics of malicious code that could be used to infect computers for the purpose of recruiting them into a botnet; the further intentions of the hacking team behind this new malware are not clear at this time, but it seems to be acting as a preamble to remote code execution.
DANGERS OF PARTICULAR MALWARES
What is interesting about Mylobot is that researchers have identified three distinct and advanced techniques to avoid detection, which suggests a sophisticated level of development and operation. The trace signatures of this new malware have some connections to Locky, a particularly devastating ransomware attack that wreaked global havoc in 2017. One of the features of Mylobot is that it resists being run in a sandbox environment, which some network security specialists call a “virus vault.” The malware is also coded to prevent debugging, and it executes its code from RAM instead of from hard drive storage, a technique that has emerged among hacking circles in recent years.
The first actions taken by Mylobot consist of blocking Windows Update and security solutions at the operating system level. The next step is to go into a dormant state for a couple of weeks, and this is designed to throw off system administrators. Once Mylobot awakens, it attempts to connect to command and control servers operated by cybercrime groups for the purpose of building a botnet.
PROTECTING BUSINESSES FROM CYBERATTACKS
In the past, intricate malware such as Mylobot has been deployed in order to launch keyloggers and ransomware; the most common targets are banks and financial firms. Botnets can also be used to launch distributed denial-of-service (DDoS) attacks, which are often meant to disrupt business continuity. DDoS attacks are increasingly being used to make political statements or as a form of cyber warfare.
Mylobot is not an amateur operation. The first evaluation of its botnet revealed more than 1,400 domains that point to servers located around the world. Some of these domains have been linked to Russian cybercrime outfits associated with the Kremlin, but this does not necessarily mean that Mylobot is part of a cyber warfare campaign.
Small business owners in the High Desert should make sure that their endpoint protection systems are operational and up-to-date. Mylobot could be the beginning of a new era of sophisticated malware.