At The Identity Organisation, we're here to help!

    Gootloader Malware Uses Social Engineering to Target Law Firms (or their Clients)

    Law firms are being targeted by a large number of social engineering attacks involving the Gootloader malware delivery tool, according to researchers at Trustwave.

    “Recently, we’ve seen a noticeable surge in malware cases linked to a malicious payload delivery system known as Gootloader,” the researchers write. “The group behind this malware is believed to operate a malware-as-a-service operation, exclusively providing a malware delivery service for other threat actors. This malware has gained notoriety due to its exploitation of compromised WordPress sites for malware distribution and its utilization of SEO (Search Engine Optimization) poisoning techniques to achieve high rankings in web search results.”

    Trustwave found that 46% of these attacks are against law firms, due to the attackers’ tendency to use legal documents as bait.

    “We collected a bunch of search queries that lead to the compromised websites and identified the keywords utilized by this malware group, revealing a predominant SEO keyword focus on legal documents such as ‘agreements,’ ‘contracts,’ and ‘forms,’” the researchers write. “This watering hole strategy theme appears to be successful – most cases we receive related to this malware are from our clients in law offices and legal firms. These are some of the SEO search terms utilized in this campaign. While the majority of the keywords are in English, the campaign also targets the French, Spanish, Portuguese, German, and South Korean languages.”

    Gootloader is installed after a user is tricked into visiting one of the malicious sites and downloading a document.

    “When visiting a poisoned link from the search engine result, the user will be directed to a page that mimics a forum,” Trustwave says. “This fake forum page employs social engineering tactics to entice the user to click on a direct download link for the desired document file. As the compromised WordPress website is under the control of malicious actors, a cloaking mechanism is employed to prevent loading for non-target users like security researchers, and other prying eyes.”

    New-school security awareness training can teach your employees how to thwart social engineering tactics.

