Cybercriminals getting busier than ever at pushing malware

February 8, 2017

Mounting evidence shows that cybercrooks are busier than ever at pushing malware to internet users. It's a daily habit and the trend is growing rapidly.

Hackers have hit scores of enterprises and various organizations in more than forty countries using hidden malware. It's clever and it works, unless you are very careful and vigilant.

Banks, telecommunication companies and government organizations in the United States, South America, Europe, Asia and Africa have already been hit hard by the ongoing and stealthy attacks, and the trend is growing rapidly, internet security experts assert.

Case in point: Kaspersky Lab researchers are now reporting that the global cyber attacks harness widely available penetration-testing and administration tools, as well as the PowerShell framework for task automation in Windows.

Malicious code resides only in memory, they assert. Miscreants behind the attacks have apparently taken lots of effort to avoid writing files onto the hard drive of compromised PCs, a tactic designed to foil both whitelisting technologies and post-breach forensic analysis.

The cyber criminals are using anti-forensic techniques uncommon in everyday assaults, and are getting better and better at it, Kaspersky warns.

"The hackers stay around just long enough to gather critical data before their traces are wiped from the crime scene on the first reboot," according to Kaspersky Lab.

Kaspersky observers were put on the trail of the malware campaign by banks in the CIS, which had found the penetration-testing software Meterpreter, now often used for malicious purposes, in the RAM of their servers when it wasn't supposed to be there.

The Meterpreter code was combined with a number of legitimate PowerShell scripts and other utilities. The combined tools had been adapted into malicious code that could hide in memory, invisibly collecting the sensitive credentials of system and root administrators.

The ultimate purpose of the attack schemes appears to be access to various financial processes. Kaspersky subsequently discovered that the same types of internet attacks were occurring on an industrial scale worldwide, hitting more than 140 enterprise networks in a range of business sectors, with most victims located in the U.S., France, Ecuador, Kenya, Britain and Russia.

It's still unclear for now who is behind the attacks, but some are starting to have a few clues. "The utilization of open source exploit code, common Windows utilities and unknown domains makes it almost impossible to determine the group responsible or even whether it's a single group or several groups sharing the same tools," warns Kaspersky Lab.

For example, known groups that have the most similar approaches are GCMAN and Carbanak, who therefore both count as suspects.

Various details of the second part of the operation, showing how the attackers implemented unique tactics to withdraw money through ATMs, are due to be presented at Kaspersky Lab's Security Analyst Summit in April 2017.

Source: Kaspersky Lab.
