Security researchers at Bromium recently discovered over a dozen US-based servers being used to host and distribute 10 different strains of malware through large-scale phishing campaigns.

The servers under scrutiny are owned and operated by FranTech Solutions, a hosting provider that uses a data center out of Nevada. The malware hosted on these servers spans five families of banking trojans (including Dridex and IcedID), two families of ransomware, and three information stealers.

Researchers believe there are two threat actors at play here: one responsible for email and hosting, and others in charge of operating the malware. The phishing campaign uses common social engineering tactics to trick recipients into running malicious VBA macros in an attached Word document, resulting in a covert malware download.

Bromium believes that the US was chosen for this attack, instead of a country more tolerant of malicious online activity, to enable a higher success rate against the mainly US-based targets, claiming, "The HTTP connections to download the malware from the web servers are more likely to succeed inside organizations that block traffic to and from countries that fall outside of their typical profile of network traffic."

It's imperative that organizations have proper malware detection in place to protect critical assets from known threats and zero-day attacks. NNT Change Tracker Gen7 R2 provides continuous protection and deep visibility into system changes, identifying ransomware and other types of dangerous malware before they can carry out an attack.

Copyright 2019, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.