Actu
Imperva Hacker Intelligence Initiative Report Reveals the Hidden Risk of Consumer-Centric Malware For the Enterprise
September 2015 by Imperva
Imperva, Inc., unveiled its latest Hacker Intelligence Initiative (HII) Report: “Phishing Trip to Brazil.” This new report, published by the Imperva Application Defense Center (ADC), offers a detailed look at a cyber attack targeting consumers using a banking Trojan, and shows how consumer-centric cyber crimes can compromise the enterprise. The report also demonstrates that despite potential anti-malware defenses, attacks that target individual employees can easily enter the enterprise network.
To conduct this report, the Imperva ADC evaluated 14 different command and control (C&C) servers comprised of more than 10,000 records across almost 5,000 different IP addresses. The major findings in the report include:
– The majority of infections found occurred during “office hours,” leading to the conclusion that the infected computers were being used for business.
– At least 17 percent of infected machines were directly attached to enterprise networks, showing the ease with which cyber-attacks targeting consumers still put enterprises at risk.
– The consumer-centric cyber crimes used malware that rely on social engineering to infect the victim. A legitimate-looking email containing a link to a zipped file is sent to the victim. Once the victim extracts the file and knowingly or unknowingly clicks the executable, the targeted person is infected. The malware then starts to monitor user activity. After the user connects to a business site, in the case of the report, a Brazilian bank, the malware intercepts session data, which it then sends to the cybercriminals.
– Cyber criminals are extremely adept at compromising user credentials, which they then leverage for fraud or further attacks.
“Our research underscores that work life and personal life intersect, and when an employee receives a suspicious email from a vendor they trust, like a bank, they are more likely to open it. Unfortunately, if an employee reads one of these emails on a home computer while connected to an enterprise Virtual Private Network (VPN), they are opening up their employer to a potential attack,” said Amichai Shulman, co-founder and Chief Technology Officer, Imperva. “With malware evolving faster than antivirus protection, companies should shift their focus from detecting malware to directly monitoring and protecting enterprise data, applications, and user accounts. With the prevalence of Bring Your Own Device (BYOD) and remote working, data and file activity monitoring are the best way to protect against compromise of sensitive enterprise information.”
Other key findings from the report include:
– The cyber crime campaigns were not conducted by just one group of criminals operating behind the scenes. It appears that there are several groups of criminals, with varying technical and social engineering skills, all leveraging the same underlying malware. This illustrates how cyber crime itself has become an industry.
– Some of the C&C servers were found on legitimate websites that had been hijacked, while others were found on servers that were set up specifically to provide C&C functionality.
– The report focused on malware originating from Brazil, targeting Brazilian banks, but similar exploits are possible in other locations and industries.
A full version of the Phishing Trip to Brazil HII report is available at https://www.imperva.com/DefenseCenter/HackerIntelligenceReports.
