Check Point Detects & Quarantines Wave of Cyber Assaults Hitting Israel’s Public Sector

Check Point the security company has had its researchers detect and quarantine an assortment of cyber assaults which were being aimed at Israel's public sector. The attackers within the particular incident employed the Microsoft Word Intruder (MWI) attack toolkit for installing the information-stealing ZeuS Trojan in a modified edition on the contaminated computers.

Check Point made the discovery when a high-profile customer reported about one dubious RTF file and asked to do a thorough examination of the same.

Actually, the file mentioned came into the customer's organization through spam mails dispatched at the e-mail ids of several employees.

When over, the examination showed that the file had been contaminated with MWI, one popular package that particularly strikes Word documents saved on Windows computers.

MWI is a pretty complicated attack toolkit that abuses several known vulnerabilities for installing even more perilous malware samples on the contaminated computers.

Meanwhile, Trojan ZeuS represents a cyber-weapon created for particularly attacking the corporate world. There it filches banking credentials, browser passwords as well as other authentication information off the victims.

A thorough study of the RTF file showed that the file, a modified version of ZeuS, dispatched one HTTP GET query onto its command-and-control server that actually was utilized for keeping watch over many campaigns that separately carried different payloads. When researchers recovered the Log files held on the server they found that the Internet Protocol addresses, which the series of assaults targeted, happened to be based at Israel.

The payload issue occurred chiefly since following receipt of the malware-loaded RTF document through spam, staff members viewed it leading to the execution of the payload. The attacks, which hit Israel's public sector, spanned many months prior to being detected and destabilized; however, nothing hitherto is known of their objective alternatively about the perpetrators of the attacks.

Elaborating on the campaign, Check Point blogs that these are usually the work of adversaries known to be political organizations else nation-states. Moreover, such adversary-launched attacks generally employ dedicated tools customized for the purpose. Thus, the campaign in question seems unnatural to be dependent upon intermediate materials like the ZeuS and MWI.

» SPAMfighter News - 10/20/2015