A fresh targeted attack campaign against an unnamed Europe-based IT firm has been uncovered, underlining the increased danger that firms operating in the region face.
Trend Micro threat researcher Abraham Camba reported the campaign in a blog post, warning that it uses an advanced 64-bit Miras malware family to exfiltrate data from its victim.
“The malware’s file and disk manager module is very comprehensive in getting information about files. Attackers will always know when there is a major change in the victim’s system,” read the post.
“Attackers are also capable of knowing whether their target files are updated. Miras’s process manager module plays another important part in the data-exfiltration step of the targeted attack. This module gives attackers details on the processes’ date and time creation.”
Camba added that the attack is doubly dangerous as it has the functionality to mount follow-up attacks.
“The backdoor function also gives attackers an overview of the modules the other processes are using. Attackers can thus gain leverage by creating, for instance, a .DLL hijacking attack or an exploit attack depending on the modules seen [in] the target victims’ systems,” read the post.
Camba said it is too early to tell which group is responsible for the attack, but that Trend Micro has managed to trace it to a US-based command-and-control (C&C) server, which has been active since at least 2013.
The discovery follows widespread warnings that targeted attack levels are increasing. FireEye CTO Greg Day told V3 the firm has detected an alarming spike in targeted attack levels and infections over the past six months.
“Over the last six months we’ve seen an increase in the number of attacks that have been aimed specifically at one company and it is their ability to detect and deal with a breach that is significant. Companies need to realise that targeted attacks are no longer aimed at a small number of organisations, but are a mainstream issue that we all need to be aware of,” he said.
“90 percent of the companies we go into are already breached and on average, the length of time it takes a company to discover that they have been breached is 229 days.”
Day said the targeted attacks’ high success rate is indicative of a lack of awareness in many businesses of how vulnerable they are.
“The biggest threats that we face today are the increasing number of unique attacks – every company has something of value that cyber criminals want. A targeted attack means that a cyber criminal has taken the time to make sure that the attack is personalised just for you,” he said.
“The one bit of advice I give to all our customers is that you must make sure you have a tried-and-tested response strategy. Without doing this, you can never be sure if you are well equipped to deal with a breach.”
The Miras campaign is one of many targeted attacks discovered this year. F-Secure reported earlier in September that hackers are besieging Apple OS X systems with 25 new malware variants, some of which are being used in targeted attacks.