Cyber Attackers Target Visitors to American Oil-and-Gas Firm’s Website

Bromium the threat protection company of late got a complaint from one of its client firms about a cyber-assault whose source was an American online site belonging to one reputed technology start-up firm within US' ONG (oil & gas) zone, published securityweek.com dated September 17, 2014.

In the words of Bromium, the assault demonstrated one traditional waterhole assault aimed at possible users accessing the technology start-up's website. Surprisingly, the assault happened within days of an announcement by the firm of it getting massive monetary grant. Possibly, the assaulters thought there would be increased viewers of the website whilst the infection would spread further.

ONG organizations prove as preferred targets for cyber-criminals seeking to filch intellectual property as well as other sensitive data. Chief Security Architect Rahul Kashyap who's also Security Research Chief for Bromium said that the above incident caught his company's attention since the particular ONG technology firm got attacked merely within days it hit the headlines on managing to secure huge aid to enhance its technology. SCMagazine.com reported this, September 17, 2014.

Eventually, an American manufacturing corporate among Fortune 1,000 that noticed the announcement was viewing the tech start-up's website, thus exhibiting a traditional set up of the way the kind of assaults spread among organizations, Kashyap added.

In particular, Bromium discovered malicious software, which exploited the CVE-2013-7331 security flaw devoid of a patch, while already had gotten abused with different attack toolkits.

Kashyap described the Trojan as pretty advanced and featured vm-detection, anti-debugging, obfuscation along with certain conventional social engineering tactics. The Trojan happened to be an installer loading other malware onto the contaminated PC, he added. Securityweek.com reported this.

And while Bromium couldn't give plentiful details about the cyber-criminals because investigation isn't yet over, Kashyap states that it's Luxembourg the place of the C&C server's location.

Water-holing assaults are observed since some time now with their perpetrators still employing this very effective attack medium whilst remaining advanced of security software solutions. The particular assault once again shows how security experts try detecting cyber-crimes while their perpetrators manage to get past the detections and continue gathering secret information, concludes Bromium.

» SPAMfighter News - 9/29/2014