A brand new type of attack has been discovered by cybersecurity researchers after being used by Russian cybercriminals to target HR departments at various companies. The malware, named BlackSanta, is categorized as an “EDR Killer,” meaning it is designed to evade and disable cybersecurity monitoring and defense systems.
What We Know
This new attack vector was revealed about by tech firm Aryaka. While the exact method of attack remains unclear, researchers believe it likely involves social engineering, with attackers reportedly disguising ISO files containing resumes to trick HR departments into installing the malware. When employees extract the ISO file, they are presented with a PDF that is actually a disguised Windows shortcut, which executes malware hidden within the same ISO. Once the malware is run, it begins scanning the system for sandboxes and other security mechanisms.
Endpoint Detection & Response (EDR) solutions continuously monitor live activity, connections, logs, and any other indicators of abnormal behavior, responding immediately to potential threats. As an EDR killer, BlackSanta is specifically designed to remain undetected while simultaneously disabling these protections. Once fully established, the malware communicates with the attackers’ endpoints over HTTPS, allowing them to siphon data from the compromised systems.
Conclusion
While EDR software is highly sophisticated, the delivery method of this attack is surprisingly simple. Attackers target HR departments because they are a common entry point. HR teams frequently receive resumes, but embedding a resume inside an ISO file is highly unusual. Who normally shares documents in ISO files attached to emails? With proper employee training, file analysis, and stronger digital literacy, this attack could be rendered almost entirely ineffective, no matter how advanced the malware itself.
0 Comments