Secure CyberCity against a rising tide of cyberattacks
Grandoreiro Banking Trojan Resurfaces, Organizations Urged to Bolster Defenses
The notorious Grandoreiro banking trojan has reemerged in a series of global campaigns, targeting over 1,500 banks across 60 countries.
In light of these renewed threats, organizations, particularly those in the financial sector, are advised to take immediate steps to enhance their cybersecurity measures.
What is Grandoreiro Banking Trojan?
Grandoreiro, a Windows-based malware, is primarily distributed through phishing emails containing malicious attachments or links.
Once installed, it operates as a typical banking trojan, stealing sensitive financial information such as login credentials and account details.
Recent campaigns have seen Grandoreiro leverage Microsoft Outlook clients on infected hosts to spread further phishing emails, significantly amplifying its reach.
Additionally, the trojan has undergone updates to its string decryption and domain generating algorithm (DGA), making it more difficult to detect and block.
In response to these developments, cybersecurity experts recommend organizations review the following recommendations:
How Organizations Can Protect Themselves
#1. Exercise caution with emails and PDFs prompting a file download
Employees should be vigilant when opening emails or PDF attachments, especially those from unknown or suspicious sources.
Verify the legitimacy of the sender and the content before downloading or executing any files.
#2. Monitor network traffic
IT teams should monitor network traffic for multiple consecutive requests to http://ip-api.com/json, a known indicator of Grandoreiro infection.
#3. Block pre-calculated DGA domains
Consider blocking pre-calculated Domain Generation Algorithm (DGA) domains via DNS to prevent the malware from communicating with its command-and-control servers.
#4. Monitor registry Run keys
Regularly monitor the following registry Run keys for suspicious entries, as they are often used by Grandoreiro for persistence:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
#5. Install and configure endpoint security software
Deploy robust endpoint security solutions capable of detecting and blocking Grandoreiro and other malware threats.
#6. Update network security monitoring rules
Keep network security monitoring rules up-to-date to identify and alert on suspicious activity related to Grandoreiro infections.
#7. Educate staff
Conduct regular security awareness training to educate employees about the risks of phishing attacks and the tactics used by Grandoreiro.
Grandoreiro Banking Trojans in summary
The resurgence of Grandoreiro serves as a stark reminder that the cyber threat landscape is ever-evolving. It’s a call to action for all organizations to remain vigilant and proactive in their cybersecurity efforts.
Don’t wait for an attack to happen. Take the necessary steps now to protect your sensitive information and critical systems.
Remember, an ounce of prevention is worth a pound of cure in the digital world. Stay safe and secure.
ALSO READ:
Remote Access Trojans: What You Need to Know and How to Protect Yourself
What is a computer virus and how do you protect your computer from viruses?