Black Atlas campaign Targets SMBs, says Trend Micro

According to Trend Micro the security company, some sophisticated cyber-criminals have changed the function of penetration testing devices for hacking small and medium-size businesses' (SMBs) networks across the world while seeking to infect POS (point of sale) machines with malicious software, published computerworld.com in news on December 3, 2015.

Known as operation Black Atlas (name which security researchers of Trend Micro the anti-virus vendor has given), the latest assault began during September 2015. In this campaign, the attackers employ numerous tools for searching on the Internet to locate possible vulnerable spots within different organizations' computer networks.

The tools mentioned contain brute-force password cracking software, port scanners, remote desktop scanners, Simple Mail Transfer Protocol (SMTP) scanners, as well as more attack applications easily available by searching the Internet.

Researchers at Trend Micro state that networks having easily guessable password practices have the tendency to get victimized during the early penetration testing phase. This early phase uses a "shotgun" strategy for invading PC-networks, since the Black Atlas execution doesn't narrow down on particular targets, however, just examines the ports available on the Internet followed with gaining several targets simultaneously at the end.

Moreover, following utilization of a batch of tools for examining what best way these can invade computers at a reconnaissance or intelligence gathering session, the Black Atlas operators prepared one test plan as well as employed another batch of tools for invading PC-networks. Having invaded, the criminals got to know the environment well enough to begin leveraging their PoS malware.

The malicious programs employed within the Black Atlas operation are different malware samples like of NewPOSThings, Alina, BlackPoS (its other name is Kaptoxa), and Kronos a backdoor Trojan. These malware programs are then joined with botnets namely Diamond Fox and Gorynych for contaminating the POS machines.

Trend Micro states the data Black Atlas stole included Facebook logins, website credentials, while within one specific instance the criminals even compromised one active video feed with the help of a CCTV camera.

The Black Atlas attack infected the systems mostly in USA, Chile, UK, Germany, Taiwan, India and Australia, the security company informs.

» SPAMfighter News - 12/15/2015