Middle East: Cyberwar Heats Up

Uploaded on 2015-04-09 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW, TECHNOLOGY--Hackers

Two new malware campaigns have been spotted in the Middle East, according to reports released this week. One targeting energy companies and the other was going after political targets in Israel and Lebanon.

Symantec researchers observed a brand-new information-gathering tool, Trojan. Laziok, this January and February, targeting primarily oil, gas and helium companies in the Middle East. The United Arab Emirates saw 25 percent of the infections, with other Middle East countries adding up to 30 percent more. Pakistan had 10 percent, and the US and the UK had another 10 percent between them.

According to Symantec senior security response manager Satnam Narang, the infection begins with a phishing email that contains an infected attachment, typically, an Excel file. The attachment uses a known ActiveX exploit to get in, an exploit that has been patched in 2012.
 
According to Philip Lieberman, president at Los Angeles-based security vendor Lieberman Software Corp., the recent drop in oil prices has led to a decrease in IT security investment in the oil and gas industry.

"This attack exploits an apparently well-known lack of investment by the oil and gas industry in keeping their Microsoft Office software up to date," said Lieberman and he also said that his company has seen this first-hand.

The exploit code in the attachment then installs the Trojan.Laziok, which collects information about the computer and sends it back to the attackers. That includes information about what kind of anti-virus is present. Tools that enable malware to evade antivirus detection are easily available, confirmed Joe Barrett, senior security consultant at Lake Mary, Fla.-based Foreground Security. "It means that defense in-depth and the principle of 'least privileged' are more important than ever."

Network defenders should watch for malicious traffic and be ready to isolate machines suspected of being infected.
This malware can monitor audio by turning on the audio on the computer, or capture video using the webcam. It can also log keystrokes and install additional malware.

According to researchers at Check Point Software Technologies, who released the Volatile Cedar report this week, that campaign dates all the way back to 2012. It also uses a new, custom information-gathering Trojan, which Check Point named Explosive. But while the Trojan.Laziok attack started with phishing emails, the Volatile Cedar attack began with publicly-facing web servers.

In addition, Check Point traced back the source of the Volatile Cedar attack to actors in Lebanon, and their targets were narrowly targeted political organizations in Israel and Lebanon. The targeting of organizations in Lebanon could be related to espionage among rival political groups, researchers said.

One possible indication that the Trojan.Laziok is not politically motivated is that the malware, which is also known as the Kraken Remote Access Trojan, has been spotted stealing Bitcoin wallets.

"It is unknown who is actually behind the attacks using Kraken," said Jeremy Scott, senior research analyst at Omaha-based security firm Solutionary, Inc. "However... Kraken is far from an 'espionage' malware unless the attackers behind it are more sophisticated than researchers are aware of."

CSO Online
 

« Is ‘Off The Grid’ A Thing Of The Past?
Commando Bugs »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Cristie Data

Cristie Data

Cristie have been a trusted, innovative and leading edge data storage, backup and virtualisation solutions provider across all sectors of industry for over 40 years.

Hyve

Hyve

Hyve provide a wide range of managed web hosting services including private, hybrid and public VMware cloud hosting.

Logically Secure

Logically Secure

Logically Secure provide penetration testing and security assessment services.

Secmentis

Secmentis

Secmentis is a cyber security consultancy specializing in penetration testing, threat intelligence, and proactive defense for your IT infrastructure.

Cognni

Cognni

Cognni (formerly Shieldox) will make your InfoSec think like a human, right out of the box, so you can focus on the bigger picture, keeping the information flow safe.

Shift Technology

Shift Technology

Shift Technology provides insurance companies with an innovative SaaS solution to improve and scale fraud detection.

Security & Intelligence Agency (SOA) - Croatia

Security & Intelligence Agency (SOA) - Croatia

SOA is the Croatian security and intelligence service. Areas of activity include Cyber Security and Information Security.

United Nations Office on Drugs & Crime (UNODC)

United Nations Office on Drugs & Crime (UNODC)

UNODC promotes long-term and sustainable capacity building in the fight against cybercrime through supporting national structures and action.

Redbelt Security

Redbelt Security

Redbelt is a cyber security consultancy. We integrate people, systems, services and products to transform how your information security is delivered.

Cyber Security Academy (CSA)

Cyber Security Academy (CSA)

The CSA aims to educate professionals who wish to contribute to strengthening the digital defensibility of states, organisations and individual citizens.

Flat6Labs

Flat6Labs

Flat6Labs is the MENA region’s leading seed and early stage venture capital firm, currently running the most renowned startup programs in the region.

Menaya

Menaya

Menaya provide Ethical Hackers for leading companies while also providing cyber security solutions to help major infrastructures protect against cyber crime.

Ruptura InfoSecurity

Ruptura InfoSecurity

Ruptura InfoSecurity provide CREST Accredited Penetration Testing & Offensive Security Services. We secure your critical assets through targeted and research driven penetration testing.

Coalition for Secure AI (CoSAI)

Coalition for Secure AI (CoSAI)

CoSAI is an open ecosystem of AI and security experts from industry leading organizations dedicated to sharing best practices for secure AI deployment and collaborating on AI security research.

Nicos AG

Nicos AG

Nicos AG specializes in secure, global data communication.

Root Evidence

Root Evidence

Root Evidence's mission is delivering evidence-driven solutions that distill digital risk into quantifiable business outcomes.