JensenIT Blog
Agent Tesla Malware Is After Your Data (And Your Cryptocurrency)
It doesn’t matter if you are a small locally-owned business or a larger-scale enterprise. Network security is equally important, as all businesses by default collect valuable information for hackers. It makes sense to protect your valuable assets, and your data is one of them. A recent threat called Agent Tesla is just another example of phishing malware designed to steal data from businesses just like yours.
Before discussing this particular phishing threat, let’s examine phishing attacks in a more broad sense. What are they, and what do you need to know to protect yourself?
Explaining Phishing Attacks
Hackers will often find that forcing themselves through your defenses is simply not the best approach for their needs, instead resorting to what are called phishing attacks—calculated measures that are designed to trick or mislead users—to gain unauthorized access to data. Phishing attacks are most commonly initiated through downloading an infected file, clicking on a suspicious link in an email, or handing over credentials to someone claiming to be tech support or a higher-up within the organization.
Why It Matters
The biggest challenge that phishing attacks pose for businesses is that it doesn’t matter if you have done all that you can to secure your business; phishing attacks still might find their way into your organization. These types of attacks can often make it past even the best solutions, relying instead on the less reliable part of your infrastructure—your employees—for a way into your business. In this way, your security solutions are only as effective as your employees’ collective knowledge of network security.
Agent Tesla
As a threat, Agent Tesla has been around since 2014. This malware uses a keylogger to steal information from infected devices. The stolen data is then transmitted back to the hacker periodically throughout the day. The hacker might desire information like passwords, usernames, and other data that is typed into the system. This new variant of Agent Tesla is notable thanks to its ability to steal cryptocurrency from the user.
This is where that background information on phishing attacks comes into play; Agent Tesla spreads through infected Excel email attachments. An attack detailed by Fortinet utilized an Excel file titled “Order Requirements and Specs'' in an attempt to spread the malware. It might seem like a legitimate file at first glance. When the user downloads the file and opens it, it will run a macro that downloads Agent Tesla to the device. This specific process, as it’s explained by Fortinet, involves installing PowerShell files for Agent Tesla, adding several items to the Auto-Run group in the system registry through the use of VBScript code, and finally creating a scheduled task that executes at a designated interval.
One of the most concerning things about Agent Tesla is that it is quite accessible, being available for a relatively cheap price with opportunities for support from its developers. As such, the bar is set pretty low for budding hackers who want to try their hand at making other peoples’ lives miserable.
What Can You Do?
The last thing you want to do is find yourself in a position where you are forced to react to threats rather than prevent them entirely. Here is the key to keeping your organization secure from not just phishing threats, but all security threats:
- Implement quality network security solutions to catch the majority of threats before they reach your network.
- Train your employees to identify threats so that the ones that do get through your defenses do not cause more trouble than they need to.
Does your company need help with securing its infrastructure and staying safe from threats? JensenIT can help. To learn more, reach out to us at (847) 803-0044.
Comments