WatchGuard Blog

Ducktail malware: what is it and why are businesses so concerned about it?

The number of new types of attacks that compromise organizations’ cybersecurity is on the rise. Cybercriminals are more capable than ever of adapting and upgrading their attack formats to circumvent their victims' protection protocols. 

Data shows that the volume of new attacks is increasing every year. According to Astra, this year we have reached a record number of 560,000 new types of malware detected daily. This brings the number of malware programs currently in existence to over one billion.

However, within this welter of new malware campaigns, some threats are more worrying than others. Ducktail malware stands out in this respect: its evolution and its impact on businesses in different sectors across the world, particularly the fashion industry, have placed the spotlight on this malicious program.

Ducktail malware is a Vietnam-based operation that uses the LinkedIn Ads and Facebook Business platforms to hijack accounts on these social networks, particularly affecting companies or teams specialized in marketing, digital marketing, or human resources. The main impact and cause for concern for many organizations is this malware’s ability to adapt to changes, adding new functionalities that make its attacks more effective. 

It works by sending malicious files disguised as photos or video in PDF format. Typically, these files use terms customized for the victim to increase the likelihood that they will be opened. If opened, malicious code is triggered, initiating the process of installing the malware on the system and thus compromising corporate and third-party accounts.
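The disguise described above can be checked for at a mail gateway or download folder by comparing what a file name claims with what the file's leading bytes say. The following is an added example, not WatchGuard code or Ducktail-specific logic: it generalizes to two common disguises (a document extension followed by a runnable one, and document-named files with executable or mismatched content). The file names, header bytes and the `RUNNABLE` extension list are constructed assumptions.

```python
# Added example: sample names and header bytes are constructed, not real IoCs.
MAGIC = {"pdf": b"%PDF-", "jpg": b"\xff\xd8\xff",
         "png": b"\x89PNG\r\n\x1a\n", "exe": b"MZ"}
DOC_TYPES = {"pdf", "jpg", "png", "mp4"}   # what a lure claims to be
RUNNABLE = {"exe", "scr", "com", "bat", "cmd", "lnk", "js", "vbs"}  # assumed list

def sniff(head: bytes) -> str:
    """Identify content from its leading bytes, ignoring the file name."""
    if head[4:8] == b"ftyp":               # ISO media container (MP4/MOV)
        return "mp4"
    for kind, sig in MAGIC.items():
        if head.startswith(sig):
            return kind
    return "unknown"

def extensions(name: str) -> list:
    """All dot-separated suffixes, lower-cased, with jpeg folded into jpg."""
    parts = name.lower().rstrip(". ").split(".")[1:]
    return ["jpg" if p == "jpeg" else p for p in parts]

def triage(name: str, head: bytes) -> list:
    """Return findings for one attachment; an empty list means no mismatch."""
    exts = extensions(name)
    last = exts[-1] if exts else ""
    actual = sniff(head)
    findings = []
    # "photos.pdf.exe": looks like a document when extensions are hidden.
    if last in RUNNABLE and any(e in DOC_TYPES for e in exts[:-1]):
        findings.append("double_extension")
    # Windows executable content behind a name that does not admit it.
    if actual == "exe" and last not in RUNNABLE:
        findings.append("executable_content")
    # Claimed document type disagrees with the recognised content type.
    elif last in DOC_TYPES and actual not in ("unknown", last):
        findings.append("type_mismatch")
    return findings

SAMPLES = [  # constructed inputs
    ("Q3_campaign_budget.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3"),
    ("Brand_photos.pdf.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("product_video.mp4", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("job_offer.pdf", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name:28} {triage(name, head) or 'ok'}")
```

A clean result only means the name and content agree; a genuine PDF or archive can still carry a malicious payload, so this check complements endpoint scanning rather than replacing it.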

How to protect ourselves from Ducktail malware

Although Ducktail malware is highly adaptive, which makes it difficult to establish a specific protection protocol to address this threat, there are ways to protect against an attack. We outline several methods below: 

  • Employee training: 

    Corporate cybersecurity often starts with the employees. In this case, they play a critical role in ensuring precautions are taken to avoid falling victim to this attack, which is why companies should invest in training so that workers can identify fraudulent activity. This boosts awareness among teams and serves as the first step towards protecting organizations.

  • Use of firewalls: 

    Although prevention is key, in the event of a potential threat we must also have a system in place that blocks a malicious agent from entering the system. Installing a firewall to prevent the spread of any malware is an essential part of shielding an organization’s devices and internal systems.

  • Implementing a unified cybersecurity system: 

    Installing a firewall is the foundation of an effective cybersecurity protocol, but complementing this measure with other solutions can really make the difference when it comes to protecting your organization. Combining XDR functionality, which ensures detection of and response to the presence of threat actors, with the aforementioned firewalls and endpoint security helps cover any potential gaps in data protection, thus unifying the cybersecurity protocol and making it more effective.

Although Ducktail malware and many other malware campaigns are highly adaptive, there are always ways to deal with these threats. It’s important for organizations to be aware of any new malicious cyber actor that could compromise their internal systems so that they can apply a protocol that adapts to each case and protects corporate and customer data. 
