Protection against new attack technique "OneDrive as Command & Control Server"

While on the one hand cyberattacks such as Ransomware-as-a-Service are easy to acquire and execute on the darknet even for tech laymen, on the other hand more and more technically sophisticated cyberattacks are becoming known. For example, the new attack technique discovered by Trellix Threat Labs that uses OneDrive as a command & control server. A command & control server is the central computer that sends commands to a so-called botnet and then receives the returned reports from the selected computers. According to Trellix Threat Labs, the attack most likely targeted government officials and people from the defense industry in West Asia.

The attack went as follows: the victim receives a spear phishing email and starts executing an Excel download. This exploited a known vulnerability in Microsoft's proprietary browser engine for Internet Explorer, MSHTML, with CVE-2021-40444, to execute a malicious file in memory. Malware was then deployed to use OneDrive as a command & control server - a technique that is also new to the Trellix Threat Lab team.

R&S®Browser in the Box, the virtual browser with network separation, also protects against such a technically adept attack. Firstly, because Microsoft Office no longer has Internet access due to the all-encompassing network separation. Secondly, other virus variants do not stand a chance, because the solution does not rely on reactive detection and defense, but on proactive isolation. To achieve this, the operating system and browser, as well as the Internet and local network, must be separated from each other. Only then does intruding malware remain enclosed in the virtual environment and cannot spread on the computer and in the local network. Direct access to the Internet for malware is thus also proactively blocked and data tapping is prevented. Users of the virtual browser can surf the Internet in full despite strict Internet separation, and existing workflows remain intact. R&S®Browser in the Box was developed on behalf of the German Federal Office for Information Security (BSI) and, like solutions approved by the BSI, meets particularly strict specifications and high security standards.