October 3, 2019

One cyber-crime campaign costs hackers just $160 to setup, it’s called “MasterMana Botnet” and could reach your business via a phishing email.

Cybersecurity compromise management company Prevailion has discovered the botnet attack has still been active this September, after first being reported in December 2018. The story was also reported by The Next Web.

MasterMana Botnet is contained in a phishing attack

This cyber-attack’s victims receive a phishing email with an infected attached document that could be an excel file or disguised as an invoice or product requirement document.  Prevailion’s research uncovered details of the MasterMana Botnet attacks and it says:

“In one case, an email impersonated a small-sized legitimate company based out of Dubai, UAE. Both of the emails that we discovered were sent from free email providers, such as Yahoo and Yandex.”

It costs $160 or less for cybercriminals to deploy

When an infected document is opened it releases a “multi-pronged, labyrinth-like kill-chain.” The botnet has added features to avoid some cybersecurity and antivirus measures like automated detection and sandboxing. Victims of the botnet end up downloading a .NET dll, determined by Prevailion to be a remote access trojan (RAT) called “Revenge Rat” or a trojan called Azorult.

Revenge Rat can be found online by cybercriminals for free, Azorult for around $100.  Cybercriminals can lease a Virtual Private Server (VPS) for around $60 giving Prevailion its estimated $160 cost of a MasterMana Botnet attack setup.

Prevailion says:

“As companies increasingly spend more money on security solutions, threat actors are able to operate on shoestring budgets.

The MasterMana Botnet attacks discovered by the cybersecurity company demonstrate a “perfect balance” of sophistication “to avoid automated detection through third-party services and obfuscation while remaining below APT-level sophistication to avoid drawing attention to their campaign.” Prevailion adds:

“While most companies fear they may become compromised by advanced actors, this particular report highlights that actors do not have to rely on advanced tools or techniques to have a serious business impact.”

Phishing attacks aren’t always easy to spot

To combat these attacks Prevailion recommends “a defence-in-depth strategy with multiple security solutions including properly configured firewalls, email protection, and end-point antivirus solutions.”

Such phishing attacks aren’t always easy to spot. Prevailion gives an example of an email that appears to be regarding a product order. An attached, infected, Excel file could open normally but requests that the user runs an Excel macro, which then releases the malicious files into the victim company’s network.

Check out our hilarious security awareness training series; in this preview we take a look at phishing emails if they were in real life:

MasterMana Botnet attacks are expected to continue as they have such low setup costs for cybercriminals and, says Prevailion, because public reporting has not deterred them. The company hopes to highlight the threat so that network defenders may more easily identify this risk.

Security awareness and simulated phishing attacks may help cybersecurity defence

Back in April, here at The Defence Works, we asked if simulated phishing was worth the effort. Simulated phishing is a where a business tests the knowledge and response of their employees by sending fake phishing, or malicious emails. Using this method cybersecurity defenders can assess any vulnerabilities and further educate a workforce – the people who will receive these real phishing emails and who are often a company’s first line of defence.

One report discovered phishing attacks were up in 2018, compared to 2017. But, also that companies that deployed security awareness training saw an increase in attack detection when employees had been trained to recognise cyber risks such as phishing emails.

Phishing simulation can replicate many different types of attack and if delivered in a way that empowers employees it can be an interactive, and thus less forgettable, method of security awareness training. Though such simulations need to be coupled with learning first, and follow up after, so that employees have enough knowledge to feel confident.

Here at The Defence Works we know that 91% of all cyber-attacks start with a phishing email so phishing simulation is just one of our security awareness training packages, try a free demonstration here.

Share this: