Canadian Corporation Targeted with Macro-based Malware Attack

A security agency reports that one prominent Canadian corporation into hospitality service had its financial activities illegally accessed through an e-mail attack involving certain Microsoft Word document carrying malicious macros. Similar attacks targeted the hospitality sector within many other countries too. It appears the attacks are orchestration of criminal gangs joining forces together.

A spokesperson representing Trustwave's SpiderLabs explained that it wasn't feasible to release the company's name; however, stated that the attackers acquired false identities for purchasing digital certificates that were authentic while carrying out their scheme. The con artists were even resorting to cloud platforms as well as Google Forms, Google Docs excel files, and Pastebin.com to regulate their command and control so the infected computers could be tracked.

The attack's knowledge emerged on January 1, 2017 for the first time through the Tr1adx Intelligence Bulletin. Subsequently, Forcepoint Security Labs, on 3rd January, released one report giving further information that it linked with the Anunak/Carbanak criminals group. Next day, Trustwave gave additional information through one published report regarding the scheme that it named "Grand Mars" same as cyber-criminals' name put in a particular digital certificate they had bought from Comodo Group.

Using an e-mail as the attack medium the cyber-crooks attached a document of Microsoft Word. If this attachment is viewed it results in several malevolent files getting crafted else downloaded letting the crooks acquire certain extent of admission into victims' systems, elaborates Trustwave. Within a few instances, the attackers really contacted victims via phone, a medium for executing social engineering tricks for getting them to click on the attachments.

To motivate themselves attackers seek financial gain, complete hold over the victims' systems as well as amassment of maximum bots from the attacked organization. Evidently, from forensics investigation it seems those behind the activities are various individuals else various people's groups giving to reach the conclusion that many sinister groups had joined forces within the scheme while each group maintained individual task and role. IT World Canada posted this January 19, 2017.

The criminal groups can hardly be blacklisted, notes Trustwave, while Forcepoint says the Carbanak gang still seeks stealth methods for bypassing detection.

» SPAMfighter News - 1/23/2017