Aerosol

Small businesses trashed in big malware campaign


Kaspersky researcher Ido Noar says attackers have hit hundreds of small and medium businesses, stealing credentials and documents in a noisy smash-and-grab campaign.

Noar says criminals have stolen some 10,000 documents from nanotechnology, education, and media outfits in an attack that foists a newly-discovered strain of malware called "Grabit".

"Our documentation points to a campaign that started somewhere in late February 2015 and ended in mid-March," Noar says in a notice.

"As the development phase supposedly ended, malware started spreading from India, the United States and Israel to other countries around the globe.

"Grabit threat actors did not use any sophisticated evasions or manoeuvres in their dynamic activity."

Attackers did not commit much effort to conceal their command and control servers, nor hide from the local system. Noar discovered the locations of the servers by simply opening the malicious Grabit phishing document file in an editor.

"During our research, dynamic analysis showed that the malicious software’s 'call home' functionality communicates over obvious channels and does not go the extra mile to hide its activity. In addition, the files themselves were not programmed to make any kind of registry manoeuvres that would hide them from Windows Explorer," he says.

The criminals could choose their favourite remote access trojan, including DarkComet and the less complex HawkEye keylogger.

Grabit should serve as a wake-up call to admins in charge of protecting small businesses that coordinated attack campaigns are not confined to large enterprises and high-profile organisations.

Source
