
Agent Tesla Malware

Agent Tesla is an advanced remote access trojan (RAT) and information stealer that specializes in harvesting and exfiltrating sensitive data from infected machines. It can collect various types of data, including keystrokes and the login credentials saved by browsers (such as Google Chrome and Mozilla Firefox) and by email clients on the infected machine.

According to Check Point’s 2022 Cybersecurity Report, Agent Tesla was the 6th most prevalent malware variant in 2021, affecting an estimated 4.1% of corporate networks. It was also the second most common infostealer globally, behind Formbook. Agent Tesla was first discovered in 2014 and remained a prolific malware variant through 2020; between 2020 and 2021, however, its prominence dropped by 50%.


How Does It Spread?

Agent Tesla primarily spreads through phishing emails, so its prevalence typically spikes whenever a new malspam campaign is launched.

Once it gains a foothold on a system, it uses several techniques to hide its presence. One is multiple layers of packing and obfuscation that conceal the malicious functionality: the file as delivered contains little that a signature can match, and the real payload is only unpacked well after the initial infection. This is why signature-based detection that inspects only the delivered file frequently misses it.
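As an added example (not Check Point code and not part of Agent Tesla), the Python script below shows the kind of heuristic that complements signatures against packed samples: instead of matching byte patterns in the delivered file, it scores fixed-size windows by Shannon entropy and flags the near-random regions where a packed or encrypted stage sits. The sample bytes are constructed inline (a readable stub followed by a seeded pseudo-random blob standing in for the packed stage); the window size and threshold are assumptions, not values published by any vendor.

```python
"""Entropy triage for packed payloads (added example, constructed input)."""
import math
import random
from collections import Counter

WINDOW = 1024      # bytes per window (assumption)
THRESHOLD = 7.0    # bits per byte; uniform random bytes approach 8.0 (assumption)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of `data` in bits per byte; 0.0 for empty input."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_windows(data: bytes, window: int = WINDOW,
                         threshold: float = THRESHOLD) -> list:
    """(offset, entropy) for every full window whose entropy is >= threshold."""
    hits = []
    for off in range(0, len(data) - window + 1, window):
        e = shannon_entropy(data[off:off + window])
        if e >= threshold:
            hits.append((off, round(e, 2)))
    return hits


def looks_packed(data: bytes, min_fraction: float = 0.5) -> bool:
    """Triage verdict: at least `min_fraction` of the full windows are high-entropy."""
    total = len(data) // WINDOW
    return total > 0 and len(high_entropy_windows(data)) / total >= min_fraction


def build_sample() -> bytes:
    """Constructed input: 2 KiB of readable stub text followed by 4 KiB that
    stands in for a packed stage. The blob is seeded pseudo-random so the
    result is reproducible; a real packed or encrypted stage scores the same."""
    stub = (b"This program cannot be run in DOS mode. Loader stub text. " * 64)[:2048]
    packed = random.Random(1337).randbytes(4096)
    return stub + packed


if __name__ == "__main__":
    sample = build_sample()
    for off, e in high_entropy_windows(sample):
        print(f"offset 0x{off:05x}: {e:.2f} bits/byte")
    print("packed?", looks_packed(sample))
```

High entropy is a triage signal, not a verdict: compressed resources, certificates and media are also near-random, so the hit list is input for a sandbox or unpacker rather than a block decision. Its useful property is that it needs no prior knowledge of the packer, which is exactly what multi-layer packing takes away from a signature engine.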

After the core functionality has been unpacked, Agent Tesla searches for browsers installed on the system and extracts the saved login credentials from them. It can also capture keystrokes and screenshots. The harvested data is then sent to attacker-controlled infrastructure, giving the attacker what is needed to take over the accounts whose credentials were stolen.

Agent Tesla has been observed in spear phishing campaigns against multiple industries, including energy, logistics, finance, and government.

How to Protect Against Agent Tesla Malware

Some ways to protect against and mitigate the impact of Agent Tesla infections include:

  • Anti-Phishing Protection: Agent Tesla is commonly delivered in an obfuscated form attached to phishing emails. Detecting and blocking it before it reaches employees’ inboxes requires anti-phishing solutions that analyze attachments and detonate them in an isolated, sandboxed environment to reveal malicious functionality.
  • Content Disarm and Reconstruction (CDR): CDR solutions dissect files, strip out active or suspicious content, and rebuild a sanitized copy before it continues on to the user’s inbox. Users keep access to potentially important documents while the components that could carry malware are removed.
  • Endpoint Detection and Response: Agent Tesla unpacks itself through multiple stages on the endpoint, so its malicious functionality is hard to identify in the form in which it arrives. Endpoint security running on the device can identify and terminate the infection once the unpacked payload reveals itself.
  • Multi-Factor Authentication: Agent Tesla is designed to steal login credentials from infected machines to give attackers access to online accounts. Deploying and enforcing multi-factor authentication (MFA) wherever possible makes stolen credentials much harder for an attacker to use.
  • Zero Trust Access Management: A successful Agent Tesla attack may grant an attacker access to a user’s corporate accounts on various systems. Access management based on zero trust principles limits the damage a single compromised account can cause.
  • User Behavior Monitoring: Agent Tesla is designed to let attackers take over legitimate corporate accounts. Monitoring accounts for anomalous activity, such as logins from unfamiliar locations or devices, lets an organization identify accounts that may have been compromised.
  • Employee Security Training: Agent Tesla spreads through spear phishing campaigns designed to trick users into opening malicious files. Cybersecurity awareness training is essential to teaching employees to recognize and properly respond to these emails, minimizing the risk they pose to the organization.
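The MFA and behavior monitoring items above both address what happens after credentials have already been stolen and are replayed from the attacker’s own infrastructure. As an added example (not part of the original page and not Check Point code), the Python below runs two such checks over constructed authentication events: a successful login from a country the account has never used, and two successful logins too far apart geographically for the implied travel speed to be plausible. The event format, coordinates and speed threshold are assumptions.

```python
"""Credential-misuse signals in authentication logs (added example, constructed input)."""
import math
from collections import defaultdict
from datetime import datetime, timezone

# Constructed events, not real logs. Coordinates are rough city centres
# (San Francisco, Bucharest, Berlin); the field names are an assumption.
EVENTS = [
    {"ts": "2022-03-01T08:02:10Z", "user": "alice", "result": "success",
     "country": "US", "lat": 37.77, "lon": -122.42},
    {"ts": "2022-03-01T08:40:00Z", "user": "alice", "result": "success",
     "country": "US", "lat": 37.77, "lon": -122.42},
    {"ts": "2022-03-01T09:05:33Z", "user": "alice", "result": "success",
     "country": "RO", "lat": 44.43, "lon": 26.10},
    {"ts": "2022-03-01T09:10:00Z", "user": "bob", "result": "failure",
     "country": "DE", "lat": 52.52, "lon": 13.40},
    {"ts": "2022-03-01T09:11:00Z", "user": "bob", "result": "success",
     "country": "DE", "lat": 52.52, "lon": 13.40},
]

MAX_KMH = 900.0  # implied speed above this is treated as impossible travel (assumption)


def parse_ts(s: str) -> datetime:
    """Parse the ISO-8601 UTC timestamp format used in EVENTS."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance in kilometres between two latitude/longitude points."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def detect_credential_misuse(events, max_kmh: float = MAX_KMH) -> list:
    """Return alerts for successful logins that do not fit the account's history.

    The baseline is built from the log itself: a user's first successful login
    establishes their known countries and last position, so an account seen
    only once never alerts. Failed logins are skipped; they are a separate
    (brute-force) signal, not a credential-replay one.
    """
    alerts = []
    known_countries = defaultdict(set)
    last_success = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "success":
            continue
        user, ts = ev["user"], parse_ts(ev["ts"])
        if known_countries[user] and ev["country"] not in known_countries[user]:
            alerts.append({"user": user, "ts": ev["ts"], "kind": "new_country",
                           "detail": f"first login from {ev['country']}"})
        prev = last_success.get(user)
        if prev is not None:
            hours = (ts - prev["ts"]).total_seconds() / 3600.0
            km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            # Zero elapsed time with a non-zero distance is also impossible travel.
            if km > 0 and (hours <= 0 or km / hours > max_kmh):
                alerts.append({"user": user, "ts": ev["ts"], "kind": "impossible_travel",
                               "detail": f"{km:.0f} km in {hours * 60:.0f} min"})
        known_countries[user].add(ev["country"])
        last_success[user] = {"ts": ts, "lat": ev["lat"], "lon": ev["lon"]}
    return alerts


if __name__ == "__main__":
    for a in detect_credential_misuse(EVENTS):
        print(f"{a['ts']} {a['user']:<6} {a['kind']:<18} {a['detail']}")
```

In the constructed log, alice’s third login (Bucharest, 25 minutes after San Francisco) trips both rules while bob’s single success from Berlin trips neither. In production the baseline would come from weeks of history rather than the same log window, and a VPN or cloud egress will produce some benign hits, which is why these alerts feed an analyst or a step-up MFA challenge rather than an automatic lockout.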

Agent Tesla Detection and Protection with Check Point

Agent Tesla is one of the leading malware threats that organizations face, with the ability to steal many kinds of sensitive information from an organization’s infected computers. It is far from the only cyber threat that organizations must contend with, however. To learn more about Agent Tesla, the most prominent malware variants, and other leading threats that companies face, check out Check Point’s 2022 Cybersecurity Report.

Check Point Harmony Endpoint provides robust endpoint protection against a range of cyber threats, including Agent Tesla malware and other known and zero-day attacks. To learn more about how Harmony Endpoint can secure your organization’s devices against cyber threats, you’re welcome to sign up for a free demo today.
