Cybercriminals Attack many Organizations in New Cyber Espionage Campaign

Security researchers of security firm Trend Micro discovered a new cyber espionage campaign targeting many organizations of different industries.

The delivered malware is dubbed "Siesta" on account of periods of dormancy to enter at regular intervals with emails targeting executives of the company.

Trend Micro observed that the sender's email address is spoofed to look like as if it was sent by another employee of the company.

The malicious messages did not have malware with it but it contained links which direct to download website. To increase the chances of success, the website hosting the malware had a name like http://{malicious domain}/ {organization name}/{legitimate archive name}.zip.

The archive contained an executable which when first looked upon appears like a harmless PDF document but when executed, a legitimate PDF file which may have been taken from the targeted company's website and a malicious component were dropped.

The malware silently entered into the machine when the victim was looking at the PDF document and started communicating with a command and control server from which it received commands like "sleep" and "download".

The sleep command instructs the malware to remain idle for specified number of minutes before resuming its activities and the download command instructs the malware to download and execute an additional malicious component.

Actually the name Siesta campaign has been inspired from the use of sleep command ("siesta" means "nap" in Spanish).

SCMagazine.com published a report quoting Jon Clay, Senior Manager for Global Threat Communications of Trend Micro as saying "the purpose of the campaign may be to collect valuable data from these organizations (referring to organizations in energy, finance, telecommunications, defense and transportation industries). Also initial investigation reveals that the attacker did their homework on the organizations in order to infiltrate it."

Early detection is important in preventing attacks from exfiltrating confidential data of company. Organizations and large enterprises need an advanced threat protection platform to mitigate the risks posed by such attacks. They also need to educate their workers about such malicious campaigns which pose a continuous threat to the company. Trend Micro concluded that users should always exercise caution while opening emails and links.

» SPAMfighter News - 3/15/2014