Two new threats, HTTPSnoop and PipeSnoop, have surfaced and are being used in cyberattacks on telecommunication service providers in the Middle East. With this malware, malicious actors can control compromised devices remotely.
HTTPSnoop operates by interacting with Windows HTTP kernel drivers and associated devices, leveraging specific HTTP(S) URLs to trigger the execution of content on the compromised endpoint. PipeSnoop takes on a different role by accepting and running arbitrary shellcode transmitted through a named pipe.
Though Eclypses MTE technology doesn’t solve the problem directly, it does help with the side effects of these attacks. HTTPSnoop creates an HTTP listener and can do anything with the decrypted HTTP requests that pass through it. Eclypses MTE technology would protect the valid data flowing through this system, preventing malicious actors from stealing data.
“This attack is scary because it exposes many applicable attack vectors. Just imagine that malware has created an HTTP listener on your server that is authorized to execute shell scripts, and all network traffic passes through it. That service could do anything with it, from injecting bad data to extracting useful information. Eclypses MTE technology would be a huge value because at least the data would be immune,” comments Joe Jeanjaquet, Eclypses Senior Director of Engineering.