Agent Tesla: Another Phishing Malware Threat

It doesn’t matter if you are a small locally-owned business or a massive enterprise: network security is equally imperative, as all businesses by default collect valuable information for hackers. It makes sense to protect your valuable assets, and your data is one of them. A recent threat called Agent Tesla is just another example of phishing malware designed to steal data from businesses just like yours, regardless of how big it is.

Before discussing this particular phishing threat, let’s go over phishing attacks in a more broad sense. What are they, and what do you need to know to protect yourself?

Phishing Attacks

Hackers will often find that forcing themselves through your defenses is just not the best approach for their needs. Thus, they resort to what are called phishing attacks: calculated measures that are designed to trick or mislead users to gain unauthorized access to data. Phishing attacks are most commonly initiated via downloading an infected file, clicking on a suspicious link in an email, or handing over credentials to someone claiming to be tech support or a higher-up within the company.

Why It Matters

The biggest challenge that phishing attacks pose for businesses is that it doesn’t matter if you have done all that you can to secure your organization; phishing attacks still might find their way into your business. These kinds of attacks can often make it past even the best solutions, relying instead on the less reliable part of your infrastructure—your employees—for a way into your organization. In this way, your security solutions are only as effective as your employees’ collective knowledge of network security.

Agent Tesla

Agent Tesla has been around since 2014, using a keylogger to steal information from infected devices. The stolen data is then transmitted back to the hacker periodically throughout the day. The hacker might desire information like passwords, usernames, and other data that is typed into the system. This new variant of Agent Tesla is notable thanks to its ability to steal cryptocurrency from the user.

This is where that background information on phishing attacks comes into play. Agent Tesla spreads via infected Excel email attachments. An attack detailed by Fortinet utilized an Excel file titled “Order Requirements and Specs'' in an attempt to spread the malware. It might seem like a legitimate file at first glance. When the user downloads the file and opens it, it will run a macro that downloads Agent Tesla to the device. This specific process, as it’s explained by Fortinet, involves installing PowerShell files for Agent Tesla, adding several items to the Auto-Run group in the system registry through the use of VBScript code, and finally creating a scheduled task that executes at a designated interval.

One of the most concerning things about Agent Tesla is that it is quite accessible, being available for a relatively cheap price with opportunities for support from its developers. As such, the bar is set pretty low for budding hackers who want to try their hand at making other peoples’ lives miserable.

What Can You Do?

The last thing you want to do is find yourself in a position where you are forced to react to threats rather than prevent them entirely. Here is the key to keeping your business secure from not just phishing threats, but all security threats:

• Implement quality network security solutions to catch the majority of threats before they reach your network.
• Train your employees to identify threats so that the ones that do get through your defenses do not cause more trouble than they need to.

Does your organization need help with securing its infrastructure and staying safe from threats? Macro Systems can help. To learn more, reach out to us at 703-359-9211.