Research Saturday 9.11.21
Ep 200 | 9.11.21

A Google Chrome update that just didn't feel right.

Show Notes

Guest Jon Hencinski from Expel joins Dave Bittner to discuss his team's recent work on "Expel SOC Stops Ransomware Attack Aimed at WordPress CMS via Drive-By Download Disguised as Google Chrome Update."

In July, 2021, Expel's SOC stopped a ransomware attack at a large software and staffing company. The attackers compromised the company’s WordPress CMS and used the SocGholish framework to trigger a drive-by download of a Remote Access Tool (RAT) disguised as a Google Chrome update.

In total, four hosts downloaded a malicious Zipped JScript file that was configured to deploy a RAT, but we were able to stop the attack before ransomware deployment and help the organization remediate its WordPress CMS. Jon walks us through what happened, how they caught it, and provide recommendations on how to secure your WordPress CMS. 

The research can be found here: