<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=116645602292181&amp;ev=PageView&amp;noscript=1">

Threat Alert:

Valak

YELLOW_THREAT_ALERT_CR_ICONS-53

Threat Overview

cr-icon-threat-type
Threat Type
INFO STEALER
Target Industries
Target Industry
FINANCE, HEALTHCARE
cr-icon-attack-goal
Attack Goal
STEAL SENSITIVE DATA & DEPLOY MALWARE
cr-icon-impacted-geo
Impacted GEO
USA & GERMANY

What's Happening?

The Valak Malware is a sophisticated malware previously classified as a malware loader. Though it was first observed in late 2019, the Cybereason Nocturnus team has investigated a series of dramatic changes, an evolution of over 30 different versions in less than six months.

This research shows that Valak is more than just a loader for other malware, and can also be used independently as an information
stealer to target individuals and enterprises.

Read The Full Research

KEY OBSERVATIONS & TTPS


  • More recent versions of Valak target Microsoft Exchange servers to steal enterprise mailing information and passwords along with the enterprise certificate. This has the potential to access critical enterprise accounts, causing damage to organizations, brand degradation, and ultimately a loss of consumer trust.
  • Valak’s basic capabilities are extended with a number of plugin components for reconnaissance and information stealing.
  • Valak has evolved from a loader to a sophisticated, multi-stage modular malware that collects plugins from its C2 server to expand its capabilities. The Cybereason Nocturnus team has observed over 30 different versions in about 6 months.
  • Read the full length research here.

Remediation Steps

cr-icon-remediate-disable

Consider social engineering awareness and training, which are key in preventing such attacks.

Asset 3

Disable macros and install an endpoint protection solution to help mitigate similar attacks.

antivirus-01
Prevented & Detected by the Cybereason Defense Platform

CYBEREASON CUSTOMERS

We highly recommend every customer enable the following features:

  • If you do not have Cybereason NGAV activated, consider doing so to prevent against threats like these.
  • For Cybereason MDR customers, the Cybereason team will monitor and triage as well as assist in the mitigation of potential infections.

Download This Threat Alert

SUFFERED A BREACH?
TALK TO A SPECIALIST