Tag Archives: Bredolab

Are You in the Bullseye for Targeted Malware Attacks?

image Cybercriminals, driven by opportunity, tend to use the shotgun approach to achieve the highest “market” penetration possible, and to maximize every conceivable opportunity to spread malware.

The bad guys are strategic in their thinking; they plan ahead – and realize that the timing and implementation of tactics, based on their strategy, is critical to achieving maximum “market” penetration.

Now it seems, certain cybercriminals have developed a new strategy, and tactics, focusing on specific targets, sniping if you like, rather than using the well tested shotgun model.

You’re probably familiar with the successful China-based hacker attack against Google, which used a combination of a PDF attachment, coupled with a zero day security hole in Adobe Reader. As it turned out, Google was not the only company to be victimized in this attack. Reportedly, at least 20 other companies were also specifically targeted.

Symantec Hosted Services latest report, which focuses on this issue, is scary stuff. You’ll find that reading this report will assist you understanding the state of the current Internet threat environment, and will be helpful in expanding your sense of threat awareness that an active Internet user requires.

Courtesy of Symantec Hosted Services and MessageLabs Intelligence.

Even in a world where internet threats present an ever-evolving and increasingly sophisticated danger to businesses, targeted attacks are the most potent of all—dealing the most devastating short and long-term damage to the victims.

Counter to intuitive thinking, a high degree of sophistication makes these low volume, highly personalized emails have a higher probability of being successful than the mass email blasts.

Symantec Hosted Services has detected highly targeted attacks on seven specific companies in the education and public sectors. The attack is unique in that it used the Bredolab malware as the payload and the source of the emails are individual webmail accounts powered by one of the largest botnets currently in operation, presumably Cutwail.

This signifies a new level of sophistication on behalf of cyber criminals, where they are combine the strength of a botnet with the razor sharp focus of social engineering and the sense of legitimacy offered by popular webmail providers.

You can learn more about this particular attack on the MessageLabs Intelligence Blog.

Organizations falling foul of a targeted attack can be faced with crushing bills running into hundreds of thousands of dollars. Lost business, bad publicity, plunging share price – these are just some of the potential consequences of a successful attack.

Here’s a look at some of the popular techniques currently being deployed by cyber criminals:

Targeted Trojans – Aimed and delivered with sniper-like precision, the targeted Trojan’s objective is to slip through an organization’s defenses and cleverly dupe the recipient into downloading a malicious ‘Trojan program onto their computer.

The Trojan may, silently and secretly, lie hidden for weeks, months or years, slowly but surely undermining the targeted organization and imperceptibly eroding their performance and ability to compete.

Phishing Attacks – Schemes that trick people into sending money or providing personal information, phishing emails (and variations called “pharming” or “whaling”) are used for identity theft. A cyber-criminal who sends emails that contain authentic information about the user or their company greatly increases the odds of getting a “bite.”

Social Networking – One popular approach is to create a fake profile on a social media website and use it to post malicious links that “phish” for corporate users. In this form of phishing, spammers post blog comments on other members’ pages; obtain the unsuspecting members’ account information; then send messages from the phished accounts to other contacts.

Organizations must balance the business value of social media websites with the risks of many non-secure social media environments.

About Symantec: Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. More information is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under bots, cybercrime, Don't Get Scammed, Don't Get Hacked, email scams, Internet Security Alerts, Malware Reports, MessageLabs, Phishing, Symantec, trojans, Windows Tips and Tools