
ANY.RUN Shows How Cyber Criminals Abuse WebDAV to Launch Malware Attacks

DUBAI, DUBAI, UNITED ARAB EMIRATES, April 8, 2024 / -- ANY.RUN, the leading provider of an interactive malware analysis sandbox, has published a study on cyber attacks that leverage WebDAV, URLs, and LNK files to deliver malicious payloads. The article provides a detailed analysis of the attack execution and offers actionable information to detect and prevent such attacks.

๐“๐ก๐ž ๐’๐ญ๐ž๐ฉ๐ฌ ๐จ๐Ÿ ๐š ๐–๐ž๐›๐ƒ๐€๐• ๐€๐ญ๐ญ๐š๐œ๐ค
WebDAV (Web Distributed Authoring and Versioning) is a file transfer protocol built on HTTP. Attackers often exploit this technology to host malicious payloads, which are then downloaded and executed on victims' computers using scripts or other methods.

An attack using a WebDAV server targeting a PC follows four main steps:

1. The attacker creates a shortcut (LNK) file that contains malicious commands.
2. The LNK file is then uploaded to the attacker's WebDAV server, ready to be downloaded and executed by the victim's computer.
3. The attacker creates a URL pointing to a file containing the link to the attacking WebDAV server hosting the LNK. This URL file is what the victim will run.
4. When the victim runs the URL file, it triggers the download and execution of the LNK file. This leads to the device getting infected with malware such as AsyncRat, Purelogs, or others.

๐€๐ง๐š๐ฅ๐ฒ๐ฌ๐ข๐ฌ ๐š๐ง๐ ๐ƒ๐ž๐ญ๐ž๐œ๐ญ๐ข๐จ๐ง
The researchers introduce several methods to identify and counter such attacks. These include:

• YARA, Suricata, and Sigma rules to detect malicious URL/LNK files, command line indicators, and network connections to WebDAV servers.
• Blocking URL execution: the experts suggest blocking the execution of URL files in Windows settings as a mitigation strategy. This prevents the automatic execution of malicious files.

Make sure to take into consideration the growing threat of WebDAV attacks and introduce proper security measures to protect your infrastructure.
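As an added example (not code from ANY.RUN's report), the following Python check triages Windows Internet Shortcut (.url) files for the delivery pattern described above: a URL= target that points at a WebDAV share (host@port, host@SSL or a DavWWWRoot path) or at a shortcut/script file instead of a web page. The file names, host names and contents are constructed placeholders.

```python
import re
from typing import Dict, List, Optional

# Constructed sample .url files (Windows Internet Shortcuts). Host names are
# placeholders, not real indicators from the report.
SAMPLES: Dict[str, str] = {
    "benign.url": "[InternetShortcut]\r\nURL=https://docs.example.invalid/guide.html\r\n",
    "unc_lnk.url": "[InternetShortcut]\r\nURL=file://dav.example.invalid@80/DavWWWRoot/invoice.lnk\r\n",
    "http_lnk.url": "[InternetShortcut]\r\nURL=http://cdn.example.invalid/share/report.lnk\r\n",
}

# WebDAV Mini-Redirector conventions: \\host@SSL\, \\host@<port>\, ...\DavWWWRoot\
WEBDAV_HOST = re.compile(r"^(?:file:)?[\\/]{2}[^\\/@]+@(?:ssl|\d{1,5})(?:@\d{1,5})?[\\/]", re.I)
WEBDAV_ROOT = re.compile(r"[\\/]davwwwroot[\\/]", re.I)
# A .url should open a web page; a shortcut or script as the target is a lure pattern.
RISKY_TARGET = re.compile(r"\.(?:lnk|js|vbs|hta|exe|cmd|bat)(?:[?#]|$)", re.I)


def parse_url_file(text: str) -> Optional[str]:
    """Return the URL= value of the [InternetShortcut] section, or None."""
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[internetshortcut]"
        elif in_section and line.lower().startswith("url="):
            return line[4:].strip()
    return None


def classify(text: str) -> List[str]:
    """Reasons a .url file matches the WebDAV -> LNK delivery pattern ([] if none)."""
    url = parse_url_file(text)
    if url is None:
        return []
    reasons = []
    if WEBDAV_HOST.search(url) or WEBDAV_ROOT.search(url):
        reasons.append("webdav-path")
    if RISKY_TARGET.search(url):
        reasons.append("executable-target")
    return reasons


def scan(files: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every file; only entries with at least one reason are returned."""
    return {name: r for name, text in files.items() if (r := classify(text))}


if __name__ == "__main__":
    for name, reasons in scan(SAMPLES).items():
        print(f"{name}: {', '.join(reasons)}")
```

The same checks translate directly into a YARA or Sigma rule on the URL= line; the Python form is only meant to make the matching logic explicit.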

Read more on ANY.RUN's blog.

๐€๐›๐จ๐ฎ๐ญ ๐€๐๐˜.๐‘๐”๐
ANY.RUN is a cybersecurity company specializing in interactive malware analysis. Its flagship product, an interactive malware sandbox, enables security teams to analyze threats efficiently and accurately. ANY.RUN is dedicated to helping businesses strengthen their cybersecurity posture.

Veronika Trifonova
+1 657-366-5050