
Cyber espionage impacts nearly 70 countries

  • Posted on: January 18, 2013
  • Posted in: Current News
  • Posted by: Trend Micro

When building a defense against Internet security threats, companies have to think big. While threats can certainly come from within the country where a company resides, cyber threats have been shown to be more globalized than ever, as illustrated by a recent attack discovered by security researchers in Russia. The so-called “Red October” operation targeted governments, research institutions and diplomats for at least five years before being discovered.

Wired said this was a “highly targeted” campaign focusing mainly on Central Asia and Eastern Europe. Ringleaders were looking to harvest documents and data from computers, storage utilities and a variety of mobile devices, according to Kaspersky, which discovered this spying operation. Other victims were spread across 69 countries, including the United States, Ireland, Japan and many more. Affected institutions included nuclear and energy research companies, aerospace industries, government agencies and embassies, among others.

“The main purpose of the operation appears to be the gathering of classified information and geopolitical intelligence, although it seems that the information-gathering scope is quite wide,” Kaspersky said in a report on the cyber espionage. “During the past five years, the attackers collected information from hundreds of high-profile victims, although it’s unknown how the information was used.”

How this operation worked
Malware was initially spread via spear-phishing campaigns, the security company said, which targeted specific victims within an organization. Exploits in Microsoft Excel and Word planted a Trojan on the machines these people were working on, and it checked whether any other devices were vulnerable. It was then able to spy, undetected, by recording keystrokes, taking screenshots, extracting browsing history, documents and account information, and creating a one-way covert channel of communication.

“The main malware body acts as a point of entry into the system which can later download modules used for lateral movement,” Kaspersky’s report said. “After initial infection, the malware won’t propagate by itself – typically, the attackers would gather information about the network for a few days, identify key systems and then deploy modules which can compromise other computers in the network, for instance by using the MS08-067 exploit.”

Any information that was harvested and stolen by these cyber criminals was stored for later use. The stolen information could be full of intelligence to which the hackers can refer in times of need. At least 5 terabytes of confidential information could have been stolen over the five-year span of this operation, the security company predicted.

How to stop spear-phishing
Jason Clark of Websense wrote on CSO Online that companies do not have to simply sit and wait to be hit by one of these spear-phishing attacks. He said there are three ways to stop nearly all spear-phishing attacks that may affect a company, starting with continuous network monitoring.

“First, stop malicious URLs from even getting to your users’ corporate inboxes at your gateway,” he said. “Even if you have inbound email sandboxing for your corporate email, some users might click on a malicious link through a personal email account, like Gmail. In that case, your corporate email spear-phishing protection is unable to see the traffic. Bottom line: your web security gateway needs to be intelligent, analyze content in real time, and be 98 percent effective at stopping malware.”

Two other tips for stopping spear-phishing are to keep up with the human element by watching employee behavior and training employees on how to spot scams, and to screen email links and attachments. All of these together should help to prevent any organization from being hit by a spear-phishing email.

Security News from SimplySecurity.com by Trend Micro.
