Protection against new attack technique "OneDrive as Command & Control Server"

While cyberattacks such as Ransomware-as-a-Service are easy even for tech laymen to acquire on the darknet and execute, more and more technically sophisticated cyberattacks are also becoming known. One example is the new attack technique discovered by Trellix Threat Labs that uses OneDrive as a command & control server. A command & control server is the central computer that sends commands to a so-called botnet and then receives the reports returned by the selected computers. According to Trellix Threat Labs, the attack most likely targeted government officials and people from the defense industry in West Asia.

The attack went as follows: the victim received a spear-phishing email and started an Excel download. This exploited CVE-2021-40444, a known vulnerability in MSHTML, Microsoft's proprietary browser engine for Internet Explorer, to execute a malicious file in memory. Malware was then deployed to use OneDrive as a command & control server, a technique that is also new to the Trellix Threat Labs team.

R&S®Browser in the Box, the virtual browser with network separation, also protects against such a technically adept attack. Firstly, Microsoft Office no longer has Internet access because of the all-encompassing network separation. Secondly, other virus variants do not stand a chance, because the solution relies on proactive isolation rather than on reactive detection and defense. To achieve this, the operating system and browser, as well as the Internet and local network, must be separated from each other. Only then does intruding malware remain enclosed in the virtual environment, unable to spread on the computer or in the local network. Direct Internet access for malware is thus also proactively blocked, and data tapping is prevented. Users of the virtual browser can still surf the Internet without restriction despite the strict Internet separation, and existing workflows remain intact. R&S®Browser in the Box was developed on behalf of the German Federal Office for Information Security (BSI) and, like solutions approved by the BSI, meets particularly strict specifications and high security standards.
