Protection against new attack technique "OneDrive as Command & Control Server

Protection against new attack technique "OneDrive as Command & Control Server"

While on the one hand cyberattacks such as Ransomware-as-a-Service are easy to acquire and execute on the darknet even for tech laymen, on the other hand more and more technically sophisticated cyberattacks are becoming known. For example, the new attack technique discovered by Trellix Threat Labs that uses OneDrive as a command & control server. A command & control server is the central computer that sends commands to a so-called botnet and then receives the returned reports from the selected computers. According to Trellix Threat Labs, the attack most likely targeted government officials and people from the defense industry in West Asia.

The attack went as follows: the victim receives a spear phishing email and starts executing an Excel download. This exploited a known vulnerability in Microsoft's proprietary browser engine for Internet Explorer, MSHTML, with CVE-2021-40444, to execute a malicious file in memory. Malware was then deployed to use OneDrive as a command & control server - a technique that is also new to the Trellix Threat Lab team.

R&S®Browser in the Box, the virtual browser with network separation, also protects against such a technically adept attack. Firstly, because Microsoft Office no longer has Internet access due to the all-encompassing network separation. Secondly, other virus variants do not stand a chance, because the solution does not rely on reactive detection and defense, but on proactive isolation. To achieve this, the operating system and browser, as well as the Internet and local network, must be separated from each other. Only then does intruding malware remain enclosed in the virtual environment and cannot spread on the computer and in the local network. Direct access to the Internet for malware is thus also proactively blocked and data tapping is prevented. Users of the virtual browser can surf the Internet in full despite strict Internet separation, and existing workflows remain intact. R&S®Browser in the Box was developed on behalf of the German Federal Office for Information Security (BSI) and, like solutions approved by the BSI, meets particularly strict specifications and high security standards.

Contact Us

Vous avez des questions ou besoin d'informations supplémentaires ? Remplissez simplement ce formulaire et nous vous recontacterons rapidement.

Marketing de permission

Je souhaite recevoir des informations de Rohde & Schwarz via

Qu'est ce que cela signifie en détail ?

Je reconnais que les entités ROHDE & SCHWARZ GmbH & Co. KG et ROHDE & SCHWARZ ou toute autre société subsidiaire mentionnée au sein de ce site Internet, peuvent me contacter par le moyen de leur choix (email ou courrier) pour des raisons marketing et publicitaires (par exemple pour des informations sur des offres spéciales et des promotions) en relation avec, mais pas uniquement, des produits et des solutions dans les domaines du test et mesure, des communications sécurisées, de la surveillance et test des réseaux, des broadcasts et médias, ainsi que de cybersécurité.

Vos droits

Cette déclaration de consentement peut être révoquée à tout moment par l'envoi d'un courriel portant, dans son objet, la mention "Unsubscribe" (désinscription) à news@rohde-schwarz.com. En outre, chaque courriel envoyé contient un lien vers une fonction de désinscription de publicités ultérieures adressées par courrier électronique. La "Déclaration de confidentialité" expose plus en détail l'utilisation des données personnelles, ainsi que la procédure de révocation de consentement.

Votre demande a bien été envoyée ! Nous vous contacterons dans les plus brefs délais.
An error has occurred, please try again later.