New Malware — Agent Tesla Hits — Recovering Small Businesses


As the United States and other areas around the world continue to deal with the wake of a second spike in COVID-19 cases, many individuals are left anxious and hungry for information relating to the ongoing pandemic. In turn, this uncertainty has provided hackers with the perfect environment to prey on these emotions and strike when victims are vulnerable.  

Although earlier global crises have offered cyber-criminals similar opportunities, the Federal Bureau of Investigation warns that current circumstances, combined with our heavy reliance on technology, have brought about a “breathtaking” number of new schemes at an incredible rate. 

Back in May 2020, Rocket IT reported that Reuters and security researchers at Barracuda had noticed a sharp upward trend in COVID-centric scams once stimulus checks began to roll out across the US. Of the methods cybercriminals use to deliver these attacks, phishing was, and continues to be, the most effective tool for gaining access to personal information and digital assets.  

What Is Phishing? 

In its most basic form, phishing is a confidence scam, usually carried out over email, in which an attacker impersonates a trusted authority. Recipients who believe the message then feel confident completing the action asked of them, such as clicking a link, downloading a file, or completing a financial transaction. 

Regardless of the action requested, phishing emails are designed to look legitimate, sometimes reusing the language, logos, and imagery found in genuine communication from the person or organization the email claims to come from. As a result, individuals feel comfortable completing the request and end up handing over credentials or other critical information. 

A New Risk for Small Business 

Although many of the phishing scams deployed earlier in the pandemic were hyper-focused on stimulus checks and personal assets, the reopening of the economy has given cybercriminals a renewed focus on successful small businesses. 

In a recent statement from Senator Jim Risch, his team of researchers estimate that 43% of all cyberattacks involve small business victims. The reason for this disparity? Senator Risch’s team conclude that small businesses are under the age-old impression that “it won’t happen to me”. It can be easy to believe that small businesses are less attractive targets than their Fortune 500 counterparts, and many owners assume that the payout from hitting a small business is far less than what a cybercriminal would gain by targeting a multi-million-dollar corporation. What many don’t take into account is that giant business entities spend heavily on protecting their networks and the information housed inside. So, rather than hyper-focusing on a single large fish, cybercriminals cast a wide net into an ocean of small businesses with potentially outdated security measures. 

At the end of the day, it’s no secret that many small businesses aren’t prepared to defend against a cyberattack, and criminals understand that to the fullest extent. According to a report published by Vox, 83% of small business owners don’t have a contingency plan in place to deal with security threats, meaning even the smallest of attacks can be a threat to their business. As a result, cybersecurity organizations have begun warning small business owners of newly tailored phishing attacks crafted to hit businesses on the verge of recovering from the recent economic fallout. Meanwhile, Cybercrime Magazine reports that 60% of all small businesses hit by a cyberattack close their doors within six months of being attacked. For the businesses that do survive, Vox argues that 83% of owners are the ones who single-handedly pick up the pieces, without the support of an IT department. 

Keeping that in mind, you may be wondering what the best way to keep your business afloat is. Small businesses not only need to implement security plans, but also need the means to update those plans regularly to keep pace with new attacks. Unfortunately, a study from the Ponemon Institute reveals that 71% of small businesses do not follow such advice and instead remain vulnerable to these constantly changing attacks. 

So, what is a new attack that has recently hit the cybersecurity front? For that, we turn to a recent report from Sentinel Labs. Known as Agent Tesla, this recently updated malware has been a prevalent threat in the first half of 2020. And although the malware has been in the wild for some time, a recent update to its code gives attackers a new way to harvest victims’ login credentials from popular web browsers, VPN clients, and email clients. First seen in 2014, Agent Tesla is no newcomer to the malware scene, but the pandemic has piqued interest in the software once again, say experts at Sentinel Labs; so much so that the malware ranked in the top 10 of ANY.RUN’s malware trend tracker as of August 10, 2020. 

What Is Agent Tesla? 

At its core, Agent Tesla is a keylogger and credential stealer that is spread primarily through phishing campaigns. As many areas in the US experience a new spike in COVID-19 cases, attackers using Agent Tesla continue to send emails crafted to appear as though they come from reputable sources, such as the World Health Organization. In particular, Sentinel Labs has observed recent campaigns asking recipients to open a seemingly normal Microsoft Word document. Once the attachment is opened, the document exploits two known Word vulnerabilities to run the malware, giving attackers remote access to the device. But credential theft isn’t the only reported use for Agent Tesla. Broadly speaking, the malware has been known to steal Wi-Fi passwords, harvest clipboard contents, collect system configuration details, and even disable standard anti-virus applications. 

Although there are many varieties of malware attackers can use to steal information from unsuspecting victims, what has made Agent Tesla a long-standing favorite among underground hacking groups? Simply put, Agent Tesla is sold as a subscription, giving those who license it a management panel to easily view and manage their illegally collected data. A well-coded program like this should be expensive, right? Surprisingly, attackers looking to run their phishing campaigns through Agent Tesla need only spend $12 a month. And should they run into any technical problems, no worries: Agent Tesla has a team of dedicated support technicians to help its customers deploy the malware management system. While Agent Tesla is not the most sophisticated threat to hit the cybersecurity world, it’s safe to say that its convenience, its regular updates, and its broad range of uses will continue to ensure its popularity.  

How to Protect a Small Business From Malware 

Despite Agent Tesla’s wide adoption among attackers, there are quite a few strategies businesses can implement to protect against this looming threat as they continue to recover from the recent economic fallout. As mentioned previously, Agent Tesla targets employees within successful organizations, both small and large. It’s therefore crucial to implement four security measures to mitigate the risk of a successful attack. 

Security Training: Conduct regular security awareness training so employees understand current phishing threats and how to spot them. In particular, these sessions should cover new email spoofing techniques, how to detect fake URL links (for example, link text that shows one address while the underlying link points to a different site), and the grammatical errors to look for when reviewing an email’s content. 
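One of the link tricks that training should cover is an anchor whose visible text is a URL on a trusted host while the real link target is elsewhere. The script below, added here as an illustration and not Rocket IT's code or any tool named in the article, parses an HTML email body and flags exactly that mismatch. The sample email body is constructed for the example; the hosts in it are placeholders.

```python
"""Flag anchors in an HTML e-mail whose visible text looks like a URL on one host
while the href actually points to a different host (a classic phishing trick).
Added example; the sample body below is constructed, not a real campaign."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample e-mail body: the first link shows a WHO address but points
# at an attacker-controlled host; the second is consistent; the third is not a URL.
SAMPLE_EMAIL_HTML = """
<p>Please review the updated guidance at
<a href="http://who-int.example-cdn.net/guidance.docm">https://www.who.int/emergencies</a>
and log in at <a href="https://portal.example.com/login">https://portal.example.com/login</a>.</p>
<p>Contact: <a href="mailto:support@example.com">support</a></p>
"""


def _host(url: str) -> str:
    """Return the lowercase hostname of a URL, or '' if it has none."""
    return (urlparse(url.strip()).hostname or "").lower()


class _AnchorCollector(HTMLParser):
    """Collect (href, visible_text) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_mismatched_links(html_body: str):
    """Return (visible_text, href) pairs where the visible text is itself a URL
    whose host differs from the href's host. Plain-word link text is not flagged,
    because there is nothing for it to contradict."""
    parser = _AnchorCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.anchors:
        shown_host = _host(text) if text.lower().startswith(("http://", "https://")) else ""
        real_host = _host(href)
        if shown_host and real_host and shown_host != real_host:
            findings.append((text, href))
    return findings


if __name__ == "__main__":
    for text, href in find_mismatched_links(SAMPLE_EMAIL_HTML):
        print(f"SUSPICIOUS: displays {text!r} but links to {href!r}")
```

Run against the sample body, only the first anchor is reported. The check deliberately compares hostnames rather than full URLs, so a link whose path differs but whose host matches is left alone; lookalike domains such as `who-int.example-cdn.net` are caught because the host simply does not equal the one the user was shown.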

Phishing Testing: Put what is learned in security training into practice by testing employees’ ability to stop phishing attempts. By deploying a phishing testing and training platform, organizations can send simulated phishing emails to see where vulnerabilities lie within the company. Extra emphasis should be placed on staff in financial positions during this testing phase, ensuring they can recognize when they are being phished. 

Endpoint Detection and Response: Traditional antivirus software detects and blocks known malware based on the unique signatures each sample carries. With new malware variants being produced daily, these programs cannot update their signature lists fast enough to account for every new threat. To make things worse, new versions of Agent Tesla have been known to bypass standard antivirus software and disable it outright without anyone noticing. To protect against this, endpoint detection and response (EDR) tools watch for unusual behavior on a device, such as a document opened in Word launching another program, rather than relying on signatures alone. Should something look suspicious, the EDR software halts the action and immediately reports the finding to the business’s security lead for review. 
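To make the difference between signature matching and behavior-based detection concrete, here is a small triage script written for this article as an added example. It is not Rocket IT's code, nor Sentinel Labs' or ANY.RUN's detection logic. The process-start events, file hashes and the single behavior rule (an Office application should not spawn a script host or launch an executable from a user-writable folder, which is how a booby-trapped Word document typically hands off to the dropped payload) are this example's own assumptions. Real EDR products ship many such rules; this one is chosen because it matches the Word-document delivery described above.

```python
"""Signature matching versus behaviour-based detection over constructed
process-start telemetry. Added example: the events, hashes and rule are the
example's own assumptions, not data or logic from the article's sources."""
import hashlib
from dataclasses import dataclass

# Signature list: SHA-256 of a sample the AV vendor has already catalogued.
# The hash is of a placeholder string, constructed for the example.
KNOWN_BAD_HASHES = {hashlib.sha256(b"agent-tesla-sample-seen-by-vendor").hexdigest()}


@dataclass
class ProcessStart:
    parent: str   # image name of the parent process
    image: str    # full image path of the new process
    sha256: str   # hash of the new process image


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "regsvr32.exe", "rundll32.exe"}
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def signature_verdict(ev: ProcessStart) -> bool:
    """Classic AV logic: flag only if the file hash is already on the blocklist."""
    return ev.sha256 in KNOWN_BAD_HASHES


def behaviour_verdict(ev: ProcessStart):
    """EDR-style rule: an Office application should not hand off to a script
    host or to an executable in a user-writable directory. Returns a reason
    string when the rule fires, otherwise None."""
    parent = ev.parent.lower()
    image = ev.image.lower()
    name = image.rsplit("\\", 1)[-1]
    if parent not in OFFICE_APPS:
        return None
    if name in SCRIPT_HOSTS:
        return f"{parent} spawned script host {name}"
    if image.startswith(USER_WRITABLE) and name.endswith(".exe"):
        return f"{parent} launched executable from user-writable path {ev.image}"
    return None


def triage(events):
    """Return one (index, signature_hit, behaviour_reason) tuple per event."""
    return [(i, signature_verdict(ev), behaviour_verdict(ev))
            for i, ev in enumerate(events)]


# Constructed telemetry. Event 2 is the sample the vendor already knows.
# Events 3 and 4 model a malicious document: Word spawns cmd.exe, which then
# runs a repacked build from AppData whose hash is not on any signature list.
_repacked = hashlib.sha256(b"agent-tesla-repacked-build").hexdigest()
SAMPLE_EVENTS = [
    ProcessStart("explorer.exe", "c:\\program files\\microsoft office\\root\\office16\\winword.exe", "00"),
    ProcessStart("winword.exe", "c:\\windows\\splwow64.exe", "11"),  # print helper, benign
    ProcessStart("explorer.exe", "c:\\users\\alice\\downloads\\invoice.exe", next(iter(KNOWN_BAD_HASHES))),
    ProcessStart("winword.exe", "c:\\windows\\system32\\cmd.exe", "22"),
    ProcessStart("winword.exe", "c:\\users\\alice\\appdata\\roaming\\svchost.exe", _repacked),
]

if __name__ == "__main__":
    for i, sig, reason in triage(SAMPLE_EVENTS):
        print(f"event {i}: signature={'HIT' if sig else 'miss'} behaviour={reason or '-'}")
```

The signature check fires only on event 2, the sample it has already seen, and says nothing about the repacked build. The behavior rule ignores events 0 through 2 (including Word's legitimate print helper, so the rule is scoped to avoid obvious false positives) and flags events 3 and 4 without needing to know anything about the payload's hash, which is the point the paragraph above makes about EDR.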

Quarterly Security Strategy Meetings: As threats change, so too should the defenses that protect against them. Auditing your network and making regular changes can be a complex task that requires knowledge of server security, business continuity, incident response planning, and other areas. By holding quarterly meetings between organizational leaders and members of the business’s IT department, an organization can develop new strategies to address current threats and deploy technologies to protect against them. 

Although the ongoing pandemic presents a lot of uncertainty for businesses and individuals alike, it also serves as a good opportunity to explore cybersecurity options and how they can positively impact your team. Should you have any questions regarding new initiatives to help keep your small business running strong despite current world events, we encourage you to reach out to a member of Rocket IT by calling 770-441-2520 or by submitting a message using the contact form found below. 
