"Relying on antivirus as the primary line of defense for your workstations is a losing proposition," he said.
Once the Trojan.Laziok attackers have a good picture of the system, they can customize additional tools to avoid detection, said Symantec's Narang. "The next step is a back door, Backdoor.Cyberat, and an information-stealing Trojan, Trojan.Zbot," he said.
This malware can monitor audio by turning on the audio on the computer, or capture video using the webcam. It can also log keystrokes and install additional malware.
There isn't enough information yet to determine whether the goal is espionage, sabotage, or cybercrime, said Narang.
Israel and Lebanon
The attacks against Israeli and Lebanese political groups, using malware code-named Volatile Cedar by its discoverers, are probably unrelated, said Narang.
"That is a different attack group, with a different set of tools and processes that they were using. That group started earlier. And as far as our knowledge is, Trojan.Laziok only dates back to the beginning of the year."
According to researchers at Check Point Software Technologies Ltd., who released the Volatile Cedar report this week, that campaign dates all the way back to 2012.
It also uses a new, custom information-gathering Trojan, which Check Point named Explosive.
But while the Trojan.Laziok attack started with phishing emails, the Volatile Cedar attack began with publicly-facing web servers.
In addition, Check Point traced the source of the Volatile Cedar attack back to actors in Lebanon, and the targets were narrowly selected political organizations in Israel and Lebanon. The targeting of organizations in Lebanon could be related to espionage among rival political groups, researchers said.
"Conventionally speaking, the Lebanese and the domestic terrorist organization Hezbollah can hardly compete with the Israeli military supremacy," said Rich Barger, chief intelligence officer and director of threat intelligence at Arlington, VA-based ThreatConnect, Inc. "However, cyberspace remains a new frontier full of rich exploits. It is hardly surprising that an APT group would seek to level the playing field by enhancing its cyber presence."
According to Barger, Middle East organizations — both businesses and governments — could benefit from sharing more cyberthreat information.
"Any region that is targeted as frequently as the Middle East can benefit from such threat intelligence sharing to better protect their networks," he said. "Additionally, many nations in the region are only just beginning to set up connectivity in their country, which means that both the network and novice users are much more vulnerable to common exploits, such as spearphishing."
According to Barger, energy is a prime target both for cyber criminals seeking to turn a quick profit and for more advanced actors seeking to cause serious economic damage to their targets.