Network-assessment

The Russian anti-malware firm, Kaspersky, has recently found a spear phishing scam affecting “email and other electronic communications targeted at specific individuals, organizations, or businesses.” These exploits are specifically designed to steal information for malicious purposes by installing secret malware on unsuspecting systems. And the kicker is, they do it by posing as your boss.

According experts at Kaspersky, approximately 800 specially-crafted emails have gone out, targeting corporate employees in various Russian companies with the hopes of accessing their personal data. These digital communications were formatted to look like official corporate emails, complete with “FROM:” lines bearing the names of managers, supervisors, CEO’s, and other higher-ups. And this trickery convinced many employees that they were, in fact, communicating with their bosses through this channel.

Because these spammy emails were so detailed and well-tailored, they convinced many workers to discuss internal issue known only by employees in the company. Although the contents of the emails were not directly malicious, the links they offered and their larger intent most certainly were—Trojan malware, in fact.

Security expert at Kaspersky, Vyacheslav Kopeytsev, explained further, “The attackers demonstrated a clear interest in targeting industrial companies in Russia. Based on our experiences, this is likely to be due to the fact that their level of cybersecurity awareness is not as high as it is in other markets, such as financial services. That makes industrial companies a lucrative target for cybercriminals—not only in Russia but across the world.”

Upon installation, spear phishing emails will begin quietly installing a remote app on the user’s device, and once this happens, the virus authors gain unfettered access to the host computer’s data files. Any documents not password protected, like Word files, spreadsheets, accounting apps, or banking information are then exposed to further threat. A hacker’s goal is to capture as much corporate data as possible, especially any confidential communications containing sensitive information. That type of digital score pulls in great money on the darknet.

This is where humans become the weakest link in the security chain, as is proven through the recent success of social engineering exploits. When employees see an important email for the boss, they tend to respond accordingly. It’s just a fact—which is why this scam has been particularly effective and painful.

The malware attacks carried these viruses:

  1. Babylon RAT
    2. Betabot/Neurevt
    3. AZORult stealer
    4. Hallaj PRO Rat

Kaspersky believes these cyberattackers were clever and did their homework and researched super-specific details about users before trying to con them into taking action and sharing private information. A later report by Kaspersky enumerated the functionalities of the viruses being carried by the spear phishing emails:

  • Logging keystrokes
  • Making screenshots
  • Conducting DDoS attacks
  • Stealing cryptocurrency wallets
  • Stealing Skype correspondence
  • Intercepting and spoofing user traffic
  • Using the computer as a proxy server
  • Downloading additional malicious files
  • Sending any user files to the command-and-control servers
  • Stealing passwords from popular programs and browsers
  • Collecting system information and information on installed programs and running processes

Share this article

Network-assessment

Seasoned writer with a demonstrated history working in areas of information security, digital rights, and education. Skilled in content curation, research, curriculum development, editing, and history. Strong media, marketing, and communications professional with an MA in Education and a BA in from the University of California, Berkeley. Find her on Twitter: @jennjeffers3

Post a comment