Kaspersky Lab Report: A Cyber-spy Tracking SMBs in India
28 May 2015 10:35 PM IST
Kaspersky Lab has recently discovered a new business-oriented cyber-spying campaign called Grabit that was able to steal about 10,000 files from small/medium-sized organizations based mostly in India, Thailand and the US.
The list of target sectors includes chemicals, nanotechnology, education, agriculture, media, construction and more. Companies based in India and Thailand had the largest percentage of infected machines. The stolen credentials also show that employees spread the malware to one another inside their organizations: the same host names and internal application names recur across the stolen data.
Other countries affected are the UAE, Germany, Israel, Canada, France, Austria, Sri Lanka, Chile and Belgium. Kaspersky Lab documentation points out that the campaign started somewhere in late February 2015 and ended in mid-March. As the development phase supposedly ended, malware started spreading from India, the United States and Israel to other countries around the globe.
“We see a lot of spying campaigns focused on enterprises, government organizations and other high-profile entities, with small and medium-sized businesses rarely seen in the lists of targets. But Grabit shows that it’s not just a ‘big fish’ game – in the cyber world every single organization, whether it possesses money, information or political influence, could be of potential interest to one or other malicious actor. Grabit is still active, and it’s critically important to check your network to ensure you’re safe.
On May 15th a simple Grabit keylogger was found to be maintaining thousands of victim account credentials from hundreds of infected systems. This threat shouldn’t be underestimated,” says Ido Naor, Senior Security Researcher, Global Research & Analysis Team.
Infection starts when a user in a business organization receives an email with an attachment that appears to be a Microsoft Office Word (.doc) file. When the user opens it, the spying program is downloaded onto the machine from a remote server that the group has compromised to serve as a malware hub. The attackers control their victims using the HawkEye keylogger, a commercial spying tool from HawkEyeProducts, together with a configuration module containing a number of Remote Administration Tools (RATs).
To illustrate the scale of the operation, Kaspersky Lab can reveal that the keylogger reporting to just one of the command-and-control servers stole 2,887 passwords, 1,053 email addresses and 3,023 usernames from 4,928 different hosts, both internal and external. The credentials covered accounts for Outlook, Facebook, Skype, Google Mail, Pinterest, Yahoo, LinkedIn and Twitter, as well as bank accounts and other services.
An Erratic Group of Cybercriminals
On the one hand, the Grabit threat actor does not go the extra mile to hide its activity: some malicious samples used the same hosting server, and even the same credentials, undermining the group's own operational security.
On the other hand, the attackers use strong obfuscation techniques to keep their code hidden from analysts’ eyes. This leads Kaspersky Lab to believe that behind the sniffing operation is an erratic group, with some members more technical and more focused on staying untraceable than others. Expert analysis suggests that whoever programmed the malware did not write all the code from scratch.
To protect against Grabit, Kaspersky Lab recommends following these rules:
- Check the folder C:\Users\<PC-NAME>\AppData\Roaming\Microsoft. If it contains executable files, you might be infected with the malware. This is a warning you should not ignore.
- The Windows startup configuration should not contain grabit1.exe. Run “msconfig” and ensure the startup list is clean of grabit1.exe entries.
- Don’t open attachments and links from people you don’t know. If you can’t open an attachment, don’t forward it to others; ask an IT administrator for support.
- Use an advanced, up-to-date anti-malware solution, and review the processes it flags as suspicious. Kaspersky Lab products detect all known Grabit samples and protect their users against the threat. To learn more about the Grabit operation, read the blog post available at Securelist.com.
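The first two recommendations above are host checks that can be run together. The PowerShell script below is an added example written for this page, not Kaspersky's code: it takes only the folder path (C:\Users\<PC-NAME>\AppData\Roaming\Microsoft) and the file name grabit1.exe from the recommendations. The list of extensions treated as executable, the additional check for processes launched from AppData\Roaming, and the reporting format are assumptions made here.

```powershell
# Added triage script, not Kaspersky's code. Checks a Windows host for the two
# Grabit indicators named in the article (executable files under
# AppData\Roaming\Microsoft, and a grabit1.exe startup entry) plus one related
# check added here as an assumption: processes running from AppData\Roaming.
# Run from an elevated PowerShell prompt so HKLM and other users' profiles
# are readable; unreadable locations are skipped silently.

$SuspectName   = 'grabit1.exe'                                   # file name given in the article
$ExeExtensions = '.exe', '.dll', '.scr', '.com', '.pif',         # assumption: what counts as
                 '.bat', '.cmd', '.vbs', '.js'                    # "executable" for check 1
$Findings      = [System.Collections.Generic.List[object]]::new()

# 1. Executable files under C:\Users\<user>\AppData\Roaming\Microsoft.
#    The article treats any executable in this tree as a warning sign. The
#    SHA-256 hash and Authenticode status are recorded so a hit can be
#    checked against AV/reputation sources before anything is deleted.
foreach ($profile in Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue) {
    $roamingMs = Join-Path $profile.FullName 'AppData\Roaming\Microsoft'
    if (-not (Test-Path -LiteralPath $roamingMs)) { continue }
    $files = Get-ChildItem -LiteralPath $roamingMs -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $ExeExtensions -contains $_.Extension.ToLower() }
    foreach ($f in $files) {
        $sig  = Get-AuthenticodeSignature -LiteralPath $f.FullName -ErrorAction SilentlyContinue
        $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        $Findings.Add([pscustomobject]@{
            Check  = 'Executable in Roaming\Microsoft'
            Detail = $f.FullName
            Extra  = "sha256=$hash signature=$($sig.Status)"
        })
    }
}

# 2. Startup entries, i.e. what msconfig's startup tab shows: Run/RunOnce keys
#    and Startup folders. Flag grabit1.exe by name, and (assumption) any
#    startup command that launches something from an AppData\Roaming path,
#    since that is where the article says the malware lives.
foreach ($s in Get-CimInstance -ClassName Win32_StartupCommand -ErrorAction SilentlyContinue) {
    $cmd = "$($s.Command)"
    if ($cmd -match [regex]::Escape($SuspectName)) {
        $Findings.Add([pscustomobject]@{
            Check  = 'grabit1.exe startup entry'
            Detail = "$($s.Location) :: $($s.Name)"
            Extra  = $cmd
        })
    } elseif ($cmd -like '*\AppData\Roaming\*') {
        $Findings.Add([pscustomobject]@{
            Check  = 'Startup entry running from Roaming (review)'
            Detail = "$($s.Location) :: $($s.Name)"
            Extra  = $cmd
        })
    }
}

# 3. Live processes whose image is under AppData\Roaming (assumption: a
#    keylogger dropped there would also be running from there). This check is
#    noisy, because some legitimate software installs per-user into Roaming,
#    so treat hits as leads to verify, not as infections.
foreach ($p in Get-Process -ErrorAction SilentlyContinue) {
    if ($p.Path -and $p.Path -like '*\AppData\Roaming\*') {
        $Findings.Add([pscustomobject]@{
            Check  = 'Process running from Roaming (review)'
            Detail = "$($p.ProcessName) (PID $($p.Id))"
            Extra  = $p.Path
        })
    }
}

if ($Findings.Count -eq 0) {
    Write-Output 'No Grabit indicators found by these checks.'
    Write-Output 'Note: other samples may use other file names; rely on an updated AV scan for coverage.'
} else {
    $Findings | Sort-Object Check | Format-Table -AutoSize -Wrap
}
```

Checks 1 and 2 implement the article's two recommendations directly; a hit on either should be preserved (hash, path, startup location) and handed to the AV vendor or incident responder rather than simply deleted, so the persistence mechanism and any lateral spread can be traced. Check 3 and the "running from Roaming" startup variant are broader heuristics added here and will produce benign hits on hosts with per-user software installs. A clean run does not prove the host is uninfected, since the file name grabit1.exe comes from the samples analysed at the time and other samples may differ.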
About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*.
Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide.
Learn more at www.kaspersky.com.
* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2013. The rating was published in the IDC report "Worldwide Endpoint Security 2014–2018 Forecast and 2013 Vendor Shares" (IDC #250210, August 2014). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2013.
© 2024 Hyderabad Media House Limited/The Hans India. All rights reserved. Powered by hocalwire.com