
New Malware Known as Domino, Distributed by Emails, was Recently Discovered

by Janos Rotzik, Technical Marketing Manager

A recent report by IBM Security X-Force researchers highlights the emergence of a new malware family called "Domino", distributed by a group of former Conti ransomware operators and FIN7 developers. The attackers focused on higher-value targets and deployed the Domino Backdoor. The malware is particularly dangerous because it can evade traditional, detection-based email security solutions.

However, this is an avoidable outcome. With multi-layered email protection, OPSWAT’s MetaDefender Email Security solution provides the capabilities organizations need to prevent advanced malware of this kind.

A Multi-Level Kill Chain

What makes Domino more dangerous than run-of-the-mill malware is that it follows a multi-level kill chain in which the release of the final payload is delayed. The chain starts with a phishing email or malvertising; when users click the suspicious link, a loader called Dave is delivered. This loader installs the Domino Backdoor, which connects to the attacker’s command-and-control (C2) server.

The Domino Backdoor then downloads the Domino Loader, which installs a .NET infostealer called Nemesis. Once embedded, Nemesis collects data from the user’s browsers and applications.

Removing the malware late in its kill chain is difficult, so the ideal strategy is to stop the phishing email at the start of the chain. MetaDefender Cloud Email Security and MetaDefender Email Security are designed to prevent exactly this kind of email threat.

Multi-layered Email Protection

OPSWAT’s MetaDefender Email Security solution prevents unknown exploits and zero-day threats with a multi-layered approach: advanced anti-phishing technology with URL reputation checks at the time of click, multiple market-leading AV engines using heuristic and machine-learning methods, and content disarm and reconstruction (CDR), which sanitizes suspicious files and produces a clean output file that keeps the original’s usability. Together these layers are designed to detect and block even sophisticated threats such as Domino before they reach end users.

In the specific case of Domino, the threat can be neutralized at the earliest stage of the attack: the phishing email. Those emails lure users into downloading the malicious loader through either an attachment or a suspicious link.

First, emails containing known phishing URLs are blocked before they reach the user’s inbox. Next, suspicious URLs in delivered emails are neutralized by converting the hyperlinks to plain text so they can no longer be clicked. Finally, URL reputation is checked at the time of click, which protects users even if a link turns malicious after the email has been delivered.

The reputation analysis covers the sender’s IP address, the email headers (the FROM address, FROM domain and REPLY-TO address) and the body of the email, including any hidden hyperlinks. MetaDefender Email Security aggregates data from multiple real-time online sources into a lookup service that returns a combined result. This lets it identify threats such as botnet infrastructure or phishing sites that scanning files alone would never surface.
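The three URL layers and the header checks described above are easy to picture in code. The following is an added illustration written for this page, not OPSWAT’s implementation: it parses an email with the Python standard library, flags a Reply-To domain that differs from the From domain, blocks a message whose link hits a known-phishing host, rewrites a "hidden" hyperlink (visible text that shows one host while the href points to another) into plain text, and re-checks a URL at click time. The reputation table and the `.test` domains in the samples are constructed; a real gateway would query live feeds instead.

```python
# Added illustration, not OPSWAT code: a minimal version of the URL layers
# described above (known-URL blocklist, link neutralisation, time-of-click
# check) plus From/Reply-To and hidden-hyperlink analysis.
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed reputation data; hypothetical .test hosts, not real indicators.
REPUTATION = {
    "login-verify.example-bad.test": "phishing",
    "cdn.example-good.test": "clean",
}


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element in a body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def domain_of(addr):
    """Crude sender-domain extraction: everything after the last '@'."""
    addr = addr.strip().rstrip(">")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def extract_links(html):
    parser = _LinkExtractor()
    parser.feed(html)
    return parser.links


def neutralise(html, href):
    """Turn one <a> element into plain text so the URL is no longer clickable."""
    pattern = re.compile(
        r'<a\b[^>]*href=["\']?' + re.escape(href) + r'["\']?[^>]*>(.*?)</a>',
        re.S | re.I,
    )
    return pattern.sub(lambda m: f"{m.group(1)} [link disabled: {href}]", html)


def triage(raw_message):
    """Delivery-time pass. Returns (verdict, findings, html_to_deliver)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    rewritten = False
    for href, text in extract_links(html):
        target = host_of(href)
        if REPUTATION.get(target) == "phishing":
            # Layer 1: a known phishing URL blocks the whole message.
            findings.append(f"known phishing URL {href}")
            return "block", findings, None
        # Layer 2: visible text is itself a URL whose host differs from the real
        # target (a hidden hyperlink); deliver the mail but disarm the link.
        shown = host_of(text) if text.lower().startswith(("http://", "https://")) else ""
        if shown and shown != target:
            findings.append(f"link text shows {shown} but points to {target}")
            html = neutralise(html, href)
            rewritten = True
    return ("deliver-rewritten" if rewritten else "deliver"), findings, html


def check_at_click(url):
    """Layer 3: re-evaluate a delivered URL when it is clicked, so a host that
    turned bad after delivery is still caught."""
    return "block" if REPUTATION.get(host_of(url)) == "phishing" else "allow"


# Constructed samples: the first mismatches From/Reply-To and hides the real
# link target; the second carries a known phishing URL.
SAMPLE_SUSPICIOUS = """\
From: IT Helpdesk <helpdesk@example-corp.test>
Reply-To: support@example-other.test
Subject: Action required
Content-Type: text/html; charset="utf-8"

<html><body><p>Please review the document:
<a href="https://files.example-other.test/doc">https://intranet.example-corp.test/doc</a></p>
</body></html>
"""
SAMPLE_BLOCKED = """\
From: Billing <billing@example-corp.test>
Subject: Invoice
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://login-verify.example-bad.test/x">Pay now</a></body></html>
"""

if __name__ == "__main__":
    print(triage(SAMPLE_SUSPICIOUS))
    print(triage(SAMPLE_BLOCKED))
    print(check_at_click("https://login-verify.example-bad.test/x"))
```

The ordering matters: a known-bad URL ends the evaluation with a block, while a merely suspicious link is disarmed rather than dropped, and the click-time check is what closes the window between delivery and a reputation update.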

[Diagram: OPSWAT MetaDefender Email Gateway Security process flow]

Conclusion

OPSWAT’s MetaDefender Email Security solution strengthens your email security posture against advanced malware such as Domino. Its Multiscanning and Deep CDR technologies, complemented by advanced anti-phishing capabilities, make it a strong defense for an organization’s email communications against advanced cyber threats.

Learn more about how to protect your organization against advanced threats with MetaDefender.
