Middle East: Cyberwar Heats Up

Two new malware campaigns have been spotted in the Middle East, according to reports released this week. One targeting energy companies and the other was going after political targets in Israel and Lebanon.

Symantec researchers observed a brand-new information-gathering tool, Trojan. Laziok, this January and February, targeting primarily oil, gas and helium companies in the Middle East. The United Arab Emirates saw 25 percent of the infections, with other Middle East countries adding up to 30 percent more. Pakistan had 10 percent, and the US and the UK had another 10 percent between them.

According to Symantec senior security response manager Satnam Narang, the infection begins with a phishing email that contains an infected attachment, typically, an Excel file. The attachment uses a known ActiveX exploit to get in, an exploit that has been patched in 2012.
 
According to Philip Lieberman, president at Los Angeles-based security vendor Lieberman Software Corp., the recent drop in oil prices has led to a decrease in IT security investment in the oil and gas industry.

"This attack exploits an apparently well-known lack of investment by the oil and gas industry in keeping their Microsoft Office software up to date," said Lieberman and he also said that his company has seen this first-hand.

The exploit code in the attachment then installs the Trojan.Laziok, which collects information about the computer and sends it back to the attackers. That includes information about what kind of anti-virus is present. Tools that enable malware to evade antivirus detection are easily available, confirmed Joe Barrett, senior security consultant at Lake Mary, Fla.-based Foreground Security. "It means that defense in-depth and the principle of 'least privileged' are more important than ever."

Network defenders should watch for malicious traffic and be ready to isolate machines suspected of being infected.
This malware can monitor audio by turning on the audio on the computer, or capture video using the webcam. It can also log keystrokes and install additional malware.

According to researchers at Check Point Software Technologies, who released the Volatile Cedar report this week, that campaign dates all the way back to 2012. It also uses a new, custom information-gathering Trojan, which Check Point named Explosive. But while the Trojan.Laziok attack started with phishing emails, the Volatile Cedar attack began with publicly-facing web servers.

In addition, Check Point traced back the source of the Volatile Cedar attack to actors in Lebanon, and their targets were narrowly targeted political organizations in Israel and Lebanon. The targeting of organizations in Lebanon could be related to espionage among rival political groups, researchers said.

One possible indication that the Trojan.Laziok is not politically motivated is that the malware, which is also known as the Kraken Remote Access Trojan, has been spotted stealing Bitcoin wallets.

"It is unknown who is actually behind the attacks using Kraken," said Jeremy Scott, senior research analyst at Omaha-based security firm Solutionary, Inc. "However... Kraken is far from an 'espionage' malware unless the attackers behind it are more sophisticated than researchers are aware of."

CSO Online
 

« Is ‘Off The Grid’ A Thing Of The Past?
Commando Bugs »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Business Intelligence Associates (BIA)

Business Intelligence Associates (BIA)

BIA's TotalDiscovery is a defensible and cost-effective corporate preservation and legal compliance software solution.

Cyberwrite

Cyberwrite

Cyberwrite was founded to provide underwriters around the world a unique and innovative Cyber Underwriting platform.

Lacework

Lacework

Lacework brings speed, scale, and automation to cloud security and allows security and DevOps teams to collaborate on keeping data and applications safe.

GreyCastle Security

GreyCastle Security

GreyCastle Security is a leading cybersecurity services provider dedicated exclusively to cybersecurity and the practical management of cybersecurity risks.

CSO GmbH

CSO GmbH

CSO GmbH provide specialist consultancy services in the area of IT security.

Secura

Secura

The Secura Cyber Security and Intelligence system predicts and prevents security threats by discovering hidden patterns through the meticulous analysis of large amounts of data.

Devel

Devel

Devel is a LATAM cybersecurity company specialized in providing red, blue and purple team services for the financial sector.

Mitre

Mitre

At Mitre we work across government to tackle challenges to the safety, stability, and well-being of our nation. Areas of expertise include Cybersecurity.

Nucleon

Nucleon

Nucleon enables cybersecurity tools, organizations and software developers to become proactive by blocking threats before they become breaches.

BEAM Teknoloji

BEAM Teknoloji

BEAM Technology is an independent Software Quality and Security Testing Center in Turkey.

Infodas

Infodas

Infodas provides Cybersecurity and IT consulting / system integration services as well as a range of innovative Cybersecurity products to public sector and commercial clients.

Polish Centre for Accreditation (PCA)

Polish Centre for Accreditation (PCA)

PCA is the national accreditation body for Poland. The directory of members provides details of organisations offering certification services for ISO 27001.

GlobalPlatform

GlobalPlatform

GlobalPlatform’s specifications are highly regarded as the international standard for enabling digital services and devices to be trusted and securely managed throughout their lifecycle.

NetApp Excellerator

NetApp Excellerator

NetApp Excellerator is NetApp’s global start-up program that aims to fuel innovation by partnering with deep-tech start-ups.

SecureNation

SecureNation

SecureNation offers a wide variety of cutting-edge technologies and IT services to address almost any of your information security, network security and information assurance needs.

Evo Security

Evo Security

Evo Security is an Identity and Access Management company focused exclusively on serving MSPs, MSSPs and their SMB and Mid-Market customers.