IBM's Trusteer, which develops anti-fraud software used by a number
of banks, warns that it has discovered a Citadel variant that's been
tweaked for espionage purposes, and which is being used to target a
number of organizations, including an unnamed chemical manufacturer.
"While the use of advanced malware that was originally built for
financial theft as a generic advanced persistent threat tool is not new,
this is the first time we've seen Citadel used to target nonfinancial
organizations," says Dana Tamir, director of enterprise security at
IBM's Trusteer, in a blog post. Trusteer has declined to name the
victims - or confirm whether it could tell if the campaign was related
to industrial espionage or nation-state spying. It says only that the
victims include "one of the largest sellers of petrochemical products in
the Middle East and a regional supplier of raw petrochemical
materials." Trusteer says it directly notified all of the fewer than 10
victims it identified.
Based on Trusteer's analysis, tweaking Citadel to spy on non-banking
businesses didn't take much customization. "According to an analysis of
the configuration file used in this attack, the Citadel malware was
instructed to look for user access to certain URL addresses of
Internet-connected systems, such as webmail, of the targeted companies,"
Tamir says. "Once the browser accesses such a URL, the malware is
instructed to grab all the information submitted by the user."
Because this type of "form grabbing" attack is happening in the
browser, it allows the malware to grab the data being submitted -
including usernames and passwords for corporate webmail accounts -
before it gets encrypted. But Trusteer says it's not clear if the
attackers directly targeted the petrochemical and other firms, or if
they just happened to retrieve the valid credentials from PCs infected
with the malware, as part of more widespread financial cybercrime
activities.
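The passage above describes the mechanics: the malware's configuration lists URL patterns, and whenever the browser submits a form to a matching URL the submitted fields are captured before TLS encryption ever happens. For a defender the practical question is scoping: which users submitted credentials to the targeted URLs while their machine was infected, so those accounts can be reset. The following script is an added example, not code from Trusteer or from the article. It assumes a constructed wildcard target list standing in for the URL entries an analyst would extract from a Citadel-style configuration (the real config syntax is not shown on the page), and a constructed proxy log in a simple "timestamp user method url" format.

```python
"""
Incident-response triage: match form submissions in a proxy log against
the URL patterns a browser-based form grabber was configured to watch.
Any credential posted to a matching URL should be treated as exposed,
regardless of HTTPS, because the capture happens inside the browser
before encryption.
"""
import re
from datetime import datetime
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed target list (assumption): stands in for the URL-match entries
# an analyst would pull out of the malware configuration. Wildcard syntax
# is ours, not the real config format.
TARGET_PATTERNS = [
    "https://webmail.example-petrochem.test/*",
    "https://*.example-petrochem.test/owa/*",
    "http://intranet.example-petrochem.test/login*",
]

# Constructed proxy log lines: "timestamp user method url".
SAMPLE_LOG = """\
2014-09-08T08:01:12Z alice POST https://webmail.example-petrochem.test/login.php
2014-09-08T08:03:40Z bob GET https://news.example.test/
2014-09-08T08:05:02Z carol POST https://mail.example-petrochem.test/owa/auth.owa
2014-09-08T08:07:55Z alice GET https://webmail.example-petrochem.test/inbox
2014-09-08T09:15:00Z dave POST http://intranet.example-petrochem.test/login?next=/
2014-09-08T09:20:31Z erin POST https://bank.example.test/login
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<method>[A-Z]+) (?P<url>\S+)$")


def parse_ts(s: str) -> datetime:
    """Parse the UTC timestamps used in the constructed log format."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def url_is_targeted(url: str, patterns=TARGET_PATTERNS) -> bool:
    """True if the URL matches any configured target pattern."""
    return any(fnmatchcase(url, p) for p in patterns)


def parse_log(text: str):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()


def exposed_submissions(log_text, patterns=TARGET_PATTERNS, infection_start=None):
    """
    Return the POST requests to targeted URLs. Only submissions count,
    since the grabber captures data the user submits; GETs to the same
    hosts are noise. infection_start (ISO string) narrows to the window
    after the host is believed to have been compromised.
    """
    start = parse_ts(infection_start) if infection_start else None
    hits = []
    for rec in parse_log(log_text):
        if rec["method"] != "POST" or not url_is_targeted(rec["url"], patterns):
            continue
        if start is not None and parse_ts(rec["ts"]) < start:
            continue
        hits.append(rec)
    return hits


def accounts_to_reset(log_text, patterns=TARGET_PATTERNS, infection_start=None):
    """Map each user to the set of targeted hosts they posted forms to."""
    result = {}
    for rec in exposed_submissions(log_text, patterns, infection_start):
        host = urlsplit(rec["url"]).hostname
        result.setdefault(rec["user"], set()).add(host)
    return result


if __name__ == "__main__":
    for user, hosts in sorted(accounts_to_reset(SAMPLE_LOG).items()):
        print(f"{user}: rotate credentials for {', '.join(sorted(hosts))}")
```

Run against the constructed log, alice, carol and dave each posted a form to a targeted host and need their credentials rotated; bob only browsed, and erin's bank login is outside the configured patterns. Passing `infection_start="2014-09-08T09:00:00Z"` narrows the set to dave, which is how you would cut the list down once forensics gives you an infection time. Matching on the proxy log rather than on the malware's own exfiltrated data is deliberate: you usually have the former and not the latter.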
--
To protect against cyberthreats, consider hiring SLC Security Services LLC to perform a complete and full security audit of your network. "If we don't find a vulnerability, you don't pay us!" Guarantee.