Cyber attackers have launched simultaneous intrusions into several energy firms in the Middle East, United States and UK in what Symantec believes is a cyber espionage campaign. This kind of attack is designed to steal confidential data about corporate matters.
The attack came in the form of a string of emails containing malicious files disguised as safe attachments. This is a common method of attack: malware is sent to the target victim, and when the file containing the malicious content is opened, a whole new Pandora’s box is opened.
Attackers can then spy on individuals to view sensitive content on their computers, such as banking credentials, email addresses and other confidential data. This is particularly alarming because what is at risk here is the oil and gas industry, upon which many of us depend. Certainly the perpetrators of the attack have a strategic interest in the affected companies, given the lucrative business of oil and gas.
Specifically, the malware here is identified as a Trojan horse which, although it does not spread across multiple computers like a virus, can do massive harm to a system on a grand scale, far more destructive than a virus. The Trojan, called Trojan.Laziok, is disguised by the hackers as a Microsoft Excel file that, when downloaded and opened on a computer, scrapes system configuration data off the machine. This way, attackers can find out what data a targeted computer contains and then decide whether to launch a stealthy attack on that machine.
Attackers use the Trojan to collect data on names, installed software and hardware details of a computer. Before the hackers perform the actual attack on the victim computer, they first secretly install another piece of malware that leaves the system vulnerable to additional attacks. Symantec found that this malware is channeled through servers located in various parts of the world, such as the United States, UK and Bulgaria.
Targeted oil and gas companies are mostly based in such countries as the United Arab Emirates, Kuwait, Saudi Arabia, U.S., UK, and Uganda.
The entry point of this attack is an old exploit in Microsoft Windows, which according to Symantec has been used in previous cyber espionage campaigns. The attackers are also aided by lax security practices on the part of the user. It appears this exploit has not been fixed yet. Again, the easiest way to avoid this attack is to update the system software installed on the PC.