BlackBerry Prevents: SquirrelWaffle Loader
The SquirrelWaffle loader is a relatively new piece of malware that has been delivered through malspam (malicious spam) campaigns. An unpatched vulnerability (as of Oct. 12, 2021) in Microsoft® Exchange Servers is being exploited by SquirrelWaffle in order to distribute these emails.
This threat has been distributed in phishing campaigns via weaponized Microsoft® Office documents and Excel® sheets containing embedded malicious macros. Upon enabling macros, the victim’s machine will leverage a script to reach out to a hardcoded command-and-control (C2) server in order to retrieve the malicious loader. The malware loader has been observed distributing both the Qakbot banking Trojan and Cobalt Strike stagers.
To see how BlackBerry prevents SquirrelWaffle Loader attacks from occurring, check out the following video:
DEMO VIDEO: BlackBerry vs. SquirrelWaffle Loader
BlackBerry Cyber Suite and BlackBerry Guard stop these attacks.
BlackBerry customers can feel confident that our AI-driven BlackBerry® Cyber Suite, as well as our managed detection and response (MDR) solution, BlackBerry® Guard, and our Zero Trust network access solution, BlackBerry® Gateway, are all well-equipped to mitigate the risks posed by threats such as SquirrelWaffle loader:
- BlackBerry® Protect provides automated malware prevention, application and script control, memory protection, and device policy enforcement.
- BlackBerry® Optics extends the threat prevention by using artificial intelligence (AI) to prevent security incidents. It provides true AI incident prevention, root cause analysis, smart threat hunting, and automated detection and response capabilities.
- BlackBerry® Gateway provides Zero Trust network access to reduce risk by protecting traffic through the perimeter and performing encrypted packet analysis. BlackBerry Gateway creates a network that is identity-aware per user, with continuous authorization to thwart zero-day attacks.
- The BlackBerry® Mobile Threat Defense (MTD) solution prevents and detects advanced malicious threats at the device and application levels. It combines the mobile endpoint management capabilities of BlackBerry® Unified Endpoint Manager (UEM) with advanced AI-driven threat protection, to get in front of malicious cyberattacks in a Zero Trust environment.
- BlackBerry® Persona creates trust based on behavioral analytics, app usage, and network and process invocation patterns. It uses adaptive risk scoring to provide continuous authentication.
- BlackBerry Guard customers are proactively protected from SquirrelWaffle loader attacks. Our 24/7 MDR solution customers receive:
- Alerts monitored in real-time
- Corrective policies applied while discovering gaps in policy implementation
- Prioritized threat hunting
- The latest threat intelligence for fast-moving threats
At BlackBerry, we take a prevention-first and AI-driven approach to cybersecurity. Putting prevention first neutralizes malware before the exploitation stage of the kill-chain.
By stopping malware at this stage, BlackBerry® solutions help organizations increase their resilience. It also helps to reduce infrastructure complexity and streamline security management, ensuring your business, people and endpoints are secure.
The BlackBerry Incident Response team can work with organizations of any size and across any vertical, to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure.
For emergency assistance, please email us at DLIR@blackberry.com, or use our handraiser form.
Learn more about this threat in our deep dive blog, Threat Thursday: SquirrelWaffle Loader.