Cyber attackers hiding behind legal threats: A deep-dive into the IcedID gateway to sophisticated cyberattacks

  • Logpoint Global Services has researched the banking trojan IcedID, which has developed into a gateway for more sophisticated attacks
  • IcedID leverages legitimate infrastructure such as contact forms and email to deliver fake legal threats or spoofed invoices

COPENHAGEN, Denmark & BOSTON, November 17, 2022 – The threat of a lawsuit can make anyone anxious. And if the threat includes a link to the evidence, who wouldn't have the urge to click it and see the so-called proof behind the allegation? Unfortunately, that’s when the trap snaps shut. The IcedID malware downloads, and adversaries can remotely control the compromised device.

Logpoint Global Services has investigated the IcedID banking trojan by analyzing samples from online sandboxes for the latest installment of its Emerging Threats Protection Report. The report reveals that IcedID uses diverse delivery methods, adding legal threats and spoofed invoices to its social engineering tactics. IcedID also exhibits complex behavior: it has evolved from a simple banking trojan into a gateway for more sophisticated and harmful cyberattacks. In fact, IcedID is now the second most widespread ransomware family trend, surpassed only by Emotet.

"IcedID is the perfect example of how cybercriminals develop their sophisticated strategies while still using a traditional malware payload to reach their goals," says Doron Davidson, VP Logpoint Global Services. "The ability to detect IcedID is crucial to prevent ransomware attacks and stop a breach before any major damage is done."

To safeguard your organization against IcedID, Doron Davidson recommends:

  • Expert monitoring is especially critical for detecting this campaign, given the delivery method and the nature of the malicious emails
  • Running in-house social engineering attack scenarios, providing user awareness training, and empowering employees to recognize and report these attacks are crucial steps to effectively stop IcedID or any ransomware attack
  • Automating incident response increases the chances of shutting down a ransomware attack before important data gets encrypted

Read Logpoint's blog post about the findings here, and access the full Emerging Threats Protection Report, IcedID - Hunting, Preventing, and Responding to IcedID Malware Using Logpoint. The report offers in-depth vulnerability analysis, means to detect and respond to the threat, and insights about incident investigation and response.

Logpoint Global Services is a team of experts who provide cutting-edge security research in publicly available reports at no cost. As part of the paid service, customers get tailored detection rules, and investigation and mitigation playbooks for recent threats.

Contacts

Maimouna Corr Fonsbøl
Press contact, Head of PR, PR & Communications
+45 25 66 82 98

About Logpoint

Headquartered in Copenhagen, Denmark, with offices across Europe, the USA, and Asia, Logpoint is a multinational, multicultural, inclusive cybersecurity company. Logpoint bolsters organizations in the fight against evolving threats by giving them a single source of truth — an intuitively designed platform with the powerful capabilities needed to ensure their safety. Powered by machine learning and backed by an industry-leading support team, Logpoint’s cybersecurity operations platform accelerates detection and response, allowing organizations to respond to tomorrow’s threats.

Logpoint’s core belief lies in creating software that empowers security teams to make confident decisions, feel justified in their choices, and more efficiently protect their organizations. That principle has earned them the trust of more than 1,000 organizations worldwide, as well as a place in Gartner’s Magic Quadrant.

The company’s culture prioritizes passion, innovation, team spirit, and client satisfaction. Together, these values fuel Logpoint’s success across cybersecurity technologies: from SIEM, UEBA, and SOAR to SAP security, converged into an integrated security operations platform, created to protect the digital heart of organizations.

Logpoint

Bryggervangen 55
2100 Copenhagen
Denmark