Cybereason warns Valak malware is a sophisticated threat to enterprises

collects and steals sensitive information from the Microsoft Exchange mail system
4 years ago

Cybereason has unveiled new research from its Nocturnus Research team. Titled Valak: More than Meets the Eye, the report investigates an information-stealing, data-siphoning malware that has hit hundreds of enterprises in the United States and Germany. First observed in late 2019, Valak has evolved from a malware loader into an information stealer: it collects and exfiltrates sensitive data from Microsoft Exchange mail systems, including credentials and the domain certificate, and uses evasive techniques to avoid detection.

To date, more than 30 versions of the malware have been found, revealing tremendous improvements in a very short period. Valak includes a fileless stage that stores its components in the Windows registry rather than on disk; it collects user, machine and network information from infected hosts, can check the geolocation of the victim's machine, and can take screenshots.

Other key findings:

  • Targeting enterprises: More recent versions of Valak target Microsoft Exchange servers to steal enterprise mailing information and passwords along with the enterprise certificate. With these, an attacker can reach critical enterprise accounts, causing damage to organisations, brand degradation, and ultimately a loss of consumer trust.
  • Rich modular architecture: Valak’s basic capabilities are extended with a number of plugin components for reconnaissance and information stealing.
  • Fast development cycles: Valak has evolved from a loader to a sophisticated, multi-stage modular malware that collects plugins from its C2 server to expand its capabilities. The Cybereason Nocturnus team has observed over 30 different versions in about six months.
  • Designed for stealth: Valak uses evasive techniques such as NTFS alternate data streams (ADS) and hiding components in the registry. In addition, over time the developers of Valak chose to abandon PowerShell, which modern security products can detect and block.
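The two hiding places named above, alternate data streams and registry-resident components, are both things a defender can enumerate on a suspect host. The PowerShell below is an added hunting example, not Cybereason's code and not tied to any Valak-specific stream name, registry key or indicator (the report does not publish those here); the search paths, registry roots and the 8 KB size threshold are assumptions to adjust for your estate.

```powershell
# Added hunting example (not from the Cybereason report): list non-default NTFS
# alternate data streams and unusually large registry values, two generic places
# where fileless or ADS-based malware stages its components.
# ASSUMPTIONS: the paths, registry roots and $MinRegBytes threshold are illustrative.

param(
    [string[]]$Paths = @("$env:USERPROFILE", "$env:ProgramData"),
    [int]$MinRegBytes = 8192
)

# 1. Alternate data streams. Every file has a default ':$DATA' stream; anything
#    else is an ADS. 'Zone.Identifier' (mark-of-the-web) is the common benign one,
#    so it is reported but not flagged as suspicious.
$adsHits = foreach ($root in $Paths) {
    Get-ChildItem -Path $root -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' }
        } |
        Select-Object FileName, Stream, Length,
            @{ n = 'Suspicious'; e = { $_.Stream -ne 'Zone.Identifier' -and $_.Length -gt 0 } }
}

# 2. Registry-resident payloads. A heuristic, not a signature: values whose data is
#    far larger than configuration normally needs, under hives malware likes to
#    write to. Include the root key itself, since Run keys often have no subkeys.
$regRoots = @('HKCU:\Software', 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run')
$regHits = foreach ($key in $regRoots) {
    $keys = @(Get-Item -Path $key -ErrorAction SilentlyContinue) +
            @(Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue)
    foreach ($k in $keys) {
        foreach ($name in $k.GetValueNames()) {
            $val = $k.GetValue($name)
            $bytes = if ($val -is [byte[]]) { $val.Length }
                     elseif ($val -is [string]) { [Text.Encoding]::Unicode.GetByteCount($val) }
                     else { 0 }
            if ($bytes -ge $MinRegBytes) {
                [pscustomobject]@{
                    Key   = $k.Name
                    Value = $name
                    Bytes = $bytes
                    Kind  = $k.GetValueKind($name)
                }
            }
        }
    }
}

'--- Non-default alternate data streams flagged as suspicious ---'
$adsHits | Where-Object Suspicious | Format-Table -AutoSize
'--- Registry values of at least {0} bytes ---' -f $MinRegBytes
$regHits | Sort-Object Bytes -Descending | Format-Table -AutoSize
```

Run it from an elevated prompt so HKLM and other users' profiles are readable. Expect noise on a normal host (browser downloads carry Zone.Identifier streams; some installers store sizeable blobs under HKCU\Software), so treat the output as a triage list to compare against a known-good baseline rather than as a verdict, and hash and pull any stream or registry blob that has no obvious owner before deciding.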

“Over the course of six months, Valak’s developers made tremendous progress and released more than 30 versions of the malware. Each time, they extended the malware’s capabilities and added evasive techniques to improve its stealth. Valak has at least six plugin components that enable attackers to obtain sensitive information from its victims. The threat actor behind Valak is collaborating with other criminals across the E-Crime ecosystem to create an even more dangerous piece of malware,” said Assaf Dahan, Senior Director, Head of Threat Research, Cybereason.
