Middle East: Cyberwar Heats Up

Two new malware campaigns have been spotted in the Middle East, according to reports released this week. One targeting energy companies and the other was going after political targets in Israel and Lebanon.

Symantec researchers observed a brand-new information-gathering tool, Trojan. Laziok, this January and February, targeting primarily oil, gas and helium companies in the Middle East. The United Arab Emirates saw 25 percent of the infections, with other Middle East countries adding up to 30 percent more. Pakistan had 10 percent, and the US and the UK had another 10 percent between them.

According to Symantec senior security response manager Satnam Narang, the infection begins with a phishing email that contains an infected attachment, typically, an Excel file. The attachment uses a known ActiveX exploit to get in, an exploit that has been patched in 2012.
 
According to Philip Lieberman, president at Los Angeles-based security vendor Lieberman Software Corp., the recent drop in oil prices has led to a decrease in IT security investment in the oil and gas industry.

"This attack exploits an apparently well-known lack of investment by the oil and gas industry in keeping their Microsoft Office software up to date," said Lieberman and he also said that his company has seen this first-hand.

The exploit code in the attachment then installs the Trojan.Laziok, which collects information about the computer and sends it back to the attackers. That includes information about what kind of anti-virus is present. Tools that enable malware to evade antivirus detection are easily available, confirmed Joe Barrett, senior security consultant at Lake Mary, Fla.-based Foreground Security. "It means that defense in-depth and the principle of 'least privileged' are more important than ever."

Network defenders should watch for malicious traffic and be ready to isolate machines suspected of being infected.
This malware can monitor audio by turning on the audio on the computer, or capture video using the webcam. It can also log keystrokes and install additional malware.

According to researchers at Check Point Software Technologies, who released the Volatile Cedar report this week, that campaign dates all the way back to 2012. It also uses a new, custom information-gathering Trojan, which Check Point named Explosive. But while the Trojan.Laziok attack started with phishing emails, the Volatile Cedar attack began with publicly-facing web servers.

In addition, Check Point traced back the source of the Volatile Cedar attack to actors in Lebanon, and their targets were narrowly targeted political organizations in Israel and Lebanon. The targeting of organizations in Lebanon could be related to espionage among rival political groups, researchers said.

One possible indication that the Trojan.Laziok is not politically motivated is that the malware, which is also known as the Kraken Remote Access Trojan, has been spotted stealing Bitcoin wallets.

"It is unknown who is actually behind the attacks using Kraken," said Jeremy Scott, senior research analyst at Omaha-based security firm Solutionary, Inc. "However... Kraken is far from an 'espionage' malware unless the attackers behind it are more sophisticated than researchers are aware of."

CSO Online
 

« Is ‘Off The Grid’ A Thing Of The Past?
Commando Bugs »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CrowdStrike

CrowdStrike

CrowdStrike is a global provider of security technology and services focused on identifying advanced threats and targeted attacks.

QTS

QTS

QTS Realty Trust, Inc. is a leading provider of secure, compliant data center, hybrid cloud and managed services.

NetMotion Software

NetMotion Software

NetMotion Software specializes in mobile performance management solutions to manage, secure and support the mobile enterprise.

Ikarus Security Software

Ikarus Security Software

Ikarus focuses on antivirus and content-security solutions.

Jiran Security

Jiran Security

Jiran Security provides data and application security solution over email, mobile device and endpoints.

Loki Labs

Loki Labs

Loki Labs provides expert cyber security solutions and services, including vulnerability assessments & penetration testing, emergency incident response, and managed security.

Centre for Cyber Security Belgium (CCB)

Centre for Cyber Security Belgium (CCB)

The Centre for Cyber Security Belgium is the central authority for cyber security in Belgium.

Quantexa

Quantexa

Quantexa automates millions of operational decisions, at scale, across multiple business units, including Anti-Money Laundering, Know-Your-Customer, Fraud, Credit Risk and Customer Intelligence.

Cybolt

Cybolt

Cybolt helps companies, organizations, and governments manage digital risks and live in an environment of confidence and certainty.

Finesse Global

Finesse Global

Finesse is a global system integration and digital business transformation company.

SEK Security Ecosystem Knowledge

SEK Security Ecosystem Knowledge

SEK helps companies in the complex path of cybersecurity; in the analysis, detection and prevention of digital threats.

Astute Technology Management

Astute Technology Management

Astute Technology Management helps businesses take control of their technology and work with greater confidence.

Huntr

Huntr

Huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications.

SCS Technology Solutions

SCS Technology Solutions

SCS Technology Solutions has become the preferred partner for top performing organisations across Lincolnshire for IT support and consultancy.

Amiosec

Amiosec

Amiosec is a British cyber innovation business specialising in delivering simple-to-use solutions to the complex problems of the modern world.

System360

System360

System360 is one of Houston's top suppliers of network administration, design, security, and support services.