Middle East: Cyberwar Heats Up

Uploaded on 2015-04-09 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW, TECHNOLOGY--Hackers

Two new malware campaigns have been spotted in the Middle East, according to reports released this week. One targeting energy companies and the other was going after political targets in Israel and Lebanon.

Symantec researchers observed a brand-new information-gathering tool, Trojan. Laziok, this January and February, targeting primarily oil, gas and helium companies in the Middle East. The United Arab Emirates saw 25 percent of the infections, with other Middle East countries adding up to 30 percent more. Pakistan had 10 percent, and the US and the UK had another 10 percent between them.

According to Symantec senior security response manager Satnam Narang, the infection begins with a phishing email that contains an infected attachment, typically, an Excel file. The attachment uses a known ActiveX exploit to get in, an exploit that has been patched in 2012.
 
According to Philip Lieberman, president at Los Angeles-based security vendor Lieberman Software Corp., the recent drop in oil prices has led to a decrease in IT security investment in the oil and gas industry.

"This attack exploits an apparently well-known lack of investment by the oil and gas industry in keeping their Microsoft Office software up to date," said Lieberman and he also said that his company has seen this first-hand.

The exploit code in the attachment then installs the Trojan.Laziok, which collects information about the computer and sends it back to the attackers. That includes information about what kind of anti-virus is present. Tools that enable malware to evade antivirus detection are easily available, confirmed Joe Barrett, senior security consultant at Lake Mary, Fla.-based Foreground Security. "It means that defense in-depth and the principle of 'least privileged' are more important than ever."

Network defenders should watch for malicious traffic and be ready to isolate machines suspected of being infected.
This malware can monitor audio by turning on the audio on the computer, or capture video using the webcam. It can also log keystrokes and install additional malware.

According to researchers at Check Point Software Technologies, who released the Volatile Cedar report this week, that campaign dates all the way back to 2012. It also uses a new, custom information-gathering Trojan, which Check Point named Explosive. But while the Trojan.Laziok attack started with phishing emails, the Volatile Cedar attack began with publicly-facing web servers.

In addition, Check Point traced back the source of the Volatile Cedar attack to actors in Lebanon, and their targets were narrowly targeted political organizations in Israel and Lebanon. The targeting of organizations in Lebanon could be related to espionage among rival political groups, researchers said.

One possible indication that the Trojan.Laziok is not politically motivated is that the malware, which is also known as the Kraken Remote Access Trojan, has been spotted stealing Bitcoin wallets.

"It is unknown who is actually behind the attacks using Kraken," said Jeremy Scott, senior research analyst at Omaha-based security firm Solutionary, Inc. "However... Kraken is far from an 'espionage' malware unless the attackers behind it are more sophisticated than researchers are aware of."

CSO Online
 

« Is ‘Off The Grid’ A Thing Of The Past?
Commando Bugs »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

TBG Security

TBG Security

TBG provides a portfolio of services including cyber security, compliance and continuity solutions.

SSLGURU

SSLGURU

SSLGURU bring all of the major SSL certificate vendors to one market place in order to create the world's largest SSL store with the most competitive prices.

Qualitèsoft Technology

Qualitèsoft Technology

Qualitèsoft Technology is a leading Software Development and Quality Assurance organization. We specialize in Custom Development, Mobile Application, Software Testing and Quality Assurance.

Mondo

Mondo

Mondo is the largest national staffing agency specializing exclusively in high-end, niche IT, Tech, and Digital Marketing talent. Areas of expertise include Cybersecurity.

Dataglobal

Dataglobal

Dataglobal is an industry-leading provider of Information Archiving/Governance and Unified Data Classification solutions.

Computer Forensic Services

Computer Forensic Services

Computer Forensic Services are digital evidence specialists. Practice areas include Information Security, e-Discovery, Law Enforcement Support and Litigation.

Global Cyber Alliance (GCA)

Global Cyber Alliance (GCA)

Global Cyber Alliance is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world.

Network Integrated Business Solutions (NIBS)

Network Integrated Business Solutions (NIBS)

NIBS is an IT services provider offering a range of services with the aim of simplifying and securing technology.

CERT-PH

CERT-PH

CERT-PH is the National Computer Emergency Response Team and the highest body for cybersecurity related activities in the Philippines.

North American International Cyber Summit

North American International Cyber Summit

The North American International Cyber Summit brings together experts from around the globe to provide timely content and address a variety of cybersecurity issues impacting the world.

Polymer

Polymer

Polymer is a Data Governance & Privacy Platform for third party SaaS apps. A modern Data Loss Protection (DLP) approach to remove sensitive data exposure on collaboration tools in real-time.

FPT Software

FPT Software

As a leading technology service provider, FPT assists customers of all sizes and from any industries in implementing and adapting digital technologies including cybersecurity.

Oman Technology Fund (OTF)

Oman Technology Fund (OTF)

Oman Technology Fund aims to make Oman the preferred destination for emerging tech companies in the region, and an attractive and stimulating destination for venture capital.

Ethiopian Cybersecurity Association (ECySA)

Ethiopian Cybersecurity Association (ECySA)

ECySA was formed to play an influential part in the ongoing and dawning cybersecurity practices of Ethiopia, efficiently creating public and private awareness on all kinds of cyber risks and threats.

CommandK

CommandK

CommandK provides companies with infrastructure to protect their sensitive data. Built-in solutions to prevent data-leaks and simplify governance.

Cynch Security

Cynch Security

Cynch Security are passionate about building a world where every business is resilient to cybersecurity risks, no matter what their size.