
Researchers from the Cisco Talos Security Intelligence and Research Team recently discovered an elaborate attack dubbed the String of Paerls. The attack, a combined spearphishing and exploit attempt, was able to bypass most antivirus engines and used a targeted phishing email that included a malicious Word document attachment. Upon opening the Word attachment, a macro downloaded and launched an executable on the victim’s machine, which then called out to command and control servers.

The graphic below illustrates each of the major steps of the attack. A common thread is that Cisco security provides protection against attacks like this one through an integrated threat defense approach. Specifically, Advanced Malware Protection tools were used throughout the discovery and analysis process to expose the exploit.

[Image: illustration of the major steps of the String of Paerls attack]

For a complete play-by-play of this attack, read the String of Paerls blog post from Talos. For more about integrated threat defense in our products, see the new Cisco ASA with FirePOWER Services.



Authors

Brian Remmel

Marketing Manager, Security