Protection against new attack technique "OneDrive as Command & Control Server

Protection against new attack technique "OneDrive as Command & Control Server"

While on the one hand cyberattacks such as Ransomware-as-a-Service are easy to acquire and execute on the darknet even for tech laymen, on the other hand more and more technically sophisticated cyberattacks are becoming known. For example, the new attack technique discovered by Trellix Threat Labs that uses OneDrive as a command & control server. A command & control server is the central computer that sends commands to a so-called botnet and then receives the returned reports from the selected computers. According to Trellix Threat Labs, the attack most likely targeted government officials and people from the defense industry in West Asia.

The attack went as follows: the victim receives a spear phishing email and starts executing an Excel download. This exploited a known vulnerability in Microsoft's proprietary browser engine for Internet Explorer, MSHTML, with CVE-2021-40444, to execute a malicious file in memory. Malware was then deployed to use OneDrive as a command & control server - a technique that is also new to the Trellix Threat Lab team.

R&S®Browser in the Box, the virtual browser with network separation, also protects against such a technically adept attack. Firstly, because Microsoft Office no longer has Internet access due to the all-encompassing network separation. Secondly, other virus variants do not stand a chance, because the solution does not rely on reactive detection and defense, but on proactive isolation. To achieve this, the operating system and browser, as well as the Internet and local network, must be separated from each other. Only then does intruding malware remain enclosed in the virtual environment and cannot spread on the computer and in the local network. Direct access to the Internet for malware is thus also proactively blocked and data tapping is prevented. Users of the virtual browser can surf the Internet in full despite strict Internet separation, and existing workflows remain intact. R&S®Browser in the Box was developed on behalf of the German Federal Office for Information Security (BSI) and, like solutions approved by the BSI, meets particularly strict specifications and high security standards.

Contact Us

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

Marketing permission

I want to receive information from Rohde & Schwarz via

What does this mean in detail?

I agree that Rohde & Schwarz GmbH & Co. KG and the Rohde & Schwarz entity or subsidiary company mentioned in the imprint of this website, may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to news@rohde-schwarz.com. Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the Statement of Privacy.

Your request has been sent successfully. We will contact you shortly.
An error has occurred, please try again later.