Tick Group’s Malware Attack Strikes Again
Palo Alto Networks Unit 42, in its report of June 2018, mentioned that weak supply chain security may have been exploited by a threat group named Tick to modify USB drives. Malware campaigns targeting supply chains are nothing new; this recent possible attack is just one more instance of a trend that can be attributed mainly to poor or improperly implemented security protocols at vendors.
According to the report, the Tick group specifically targets machines running either Windows Server 2003 or Windows XP and makes every attempt to trick the user into installing a Trojanized version of software. Once installed, it downloads a malware called SymonLoader onto the computer. The malware then begins to monitor for a specific kind of secure USB drive made by a South Korean defence company. If such a USB drive is detected, SymonLoader extracts an unknown executable file from the device, and that executable is then run from the local disk.
According to the report, the Tick group is likely incorporating the secure USB drive into its campaign in order to target air-gapped computers that have no internet connection. The report further stated that, because the researchers have neither the unknown malicious file nor a compromised USB drive, they are unable to determine how the USB drives get compromised.
"Specifically, we do not know if there has been a successful compromise in the supply chain making these devices, or if these have been compromised post-manufacturing and distributed using other means such as social engineering," the report added.
In 2017, more than two million users experienced a multistage malware attack after installing a security application which, according to the researchers, originated within the supply chain of providers.
According to F-Secure, this trick has also been used by threat groups to target organizations operating ICSs (Industrial Control Systems). Most of the time these threats succeed because third-party vendors and suppliers implement security improperly when looking after connections to enterprise networks.
In view of these risks, IBM experts advise organizations to review cloud configurations carefully and to ensure strong encryption protection for all data accessible to third-party suppliers.
» SPAMfighter News - 8/1/2018