10-Mar-2022

Protection against new attack technique "OneDrive as Command & Control Server"

While on the one hand cyberattacks such as Ransomware-as-a-Service are easy to acquire and execute on the darknet even for tech laymen, on the other hand more and more technically sophisticated cyberattacks are becoming known.

One example is the new attack technique discovered by Trellix Threat Labs, which uses OneDrive as a command & control server. A command & control server is the central computer that sends commands to a so-called botnet and then receives the returned reports from the selected computers. According to Trellix Threat Labs, the attack most likely targeted government officials and people from the defense industry in West Asia.

The attack went as follows: the victim receives a spear phishing email and starts executing an Excel download. This exploits a known vulnerability, CVE-2021-40444, in MSHTML, Microsoft's proprietary browser engine for Internet Explorer, to execute a malicious file in memory. Malware is then deployed that uses OneDrive as a command & control server - a technique that is also new to the Trellix Threat Labs team.

R&S®Browser in the Box, the virtual browser with network separation, also protects against such a technically adept attack. Firstly, because Microsoft Office no longer has Internet access due to the all-encompassing network separation. Secondly, other virus variants do not stand a chance, because the solution does not rely on reactive detection and defense, but on proactive isolation. To achieve this, the operating system and browser, as well as the Internet and local network, must be separated from each other. Only then does intruding malware remain enclosed in the virtual environment and cannot spread on the computer and in the local network. Direct access to the Internet for malware is thus also proactively blocked and data tapping is prevented. Users of the virtual browser can surf the Internet in full despite strict Internet separation, and existing workflows remain intact. R&S®Browser in the Box was developed on behalf of the German Federal Office for Information Security (BSI) and, like solutions approved by the BSI, meets particularly strict specifications and high security standards.

Press & media contact

Uwe Greunke
Responsible for Marketing, Division Networks & Cybersecurity
uwe.greunke@rohde-schwarz.com

Rohde & Schwarz

Rohde & Schwarz is striving for a safer and connected world with its Test & Measurement, Technology Systems and Networks & Cybersecurity Divisions. For over 90 years, the global technology group has pushed technical boundaries with developments in cutting-edge technologies. The company's leading-edge products and solutions empower industrial, regulatory and government customers to attain technological and digital sovereignty. The privately owned, Munich based company can act independently, long-term and sustainably. Rohde & Schwarz generated net revenue of EUR 2.93 billion in the 2023/2024 fiscal year (July to June). On June 30, 2024, Rohde & Schwarz had more than 14,400 employees worldwide.


R&S® is a registered trademark of Rohde & Schwarz GmbH & Co. KG.

Networks & Cybersecurity

With its subsidiaries LANCOM Systems, Rohde & Schwarz Cybersecurity, and Rohde & Schwarz SIT, the group has bundled its expertise in one division. This know-how is needed to become the largest provider of network and cybersecurity technology for companies, public authorities, and organizations in Europe.
