One difficulty in putting adequate security protocols in place to protect your company’s valuable data and critical systems is the constantly evolving nature of malware. A recent wave of malware attacks orchestrated by one of the world’s most infamous cyber criminal groups serves to illustrate how quickly hackers can modify and adapt malware to avoid detection and test a company’s data security defenses.
The notorious hacking group that calls itself Lazarus is behind this recent string of cyber crimes, targeting dozens of global banks and other financial institutions in a series of aggressive malware attacks that began last October. This latest round of malware attacks was first discovered by a Polish bank; the bank found an unidentifiable malware located on its internal network. The Polish bank decided to tell other institutions about the malware’s indicators, and several other banks and financial companies discovered that they were also infected.
The Polish bank was ultimately able to trace the likely path of infection back to the website of Poland’s financial regulator; this site had been compromised by cyber criminals utilizing a watering hole method of attack to send visitors an exploit kit. To impact a very particular group of targets, the Lazarus team programmed the exploit kit to only infect those visitors from a list of 150 IP addresses. This list of objectives consisted mainly of banks with some Internet and telecommunications firms also included; a total of 104 different organizations across 31 countries were singled out for this malware attack.
Researchers at the security technology firm Symantec analyzed this previously unknown malware and found that the software’s code has some traits in common with past malware released by Lazarus. Specifically, this newly identified malware utilizes a Hacktool that displays some distinctive characteristics typical of malware previously identified as having originated with the Lazarus group.
What does this latest wave of attacks demonstrate about the malware threat, and given that Lazarus targets large financial institutions, why should small businesses be worried? Even if this particular series of attacks spares small businesses, the type of malware used illustrates how targeted and difficult to detect malware attacks can be. Banking institutions typically maintain robust and cutting-edge security protocols due to the constant hacking threats that they face and the particular sensitivity of the data they keep, and yet Lazarus was still able to find and exploit a weakness in their systems that exposed those big corporations to serious security breaches. Because hacking groups like Lazarus have such a strong incentive to continually update their malware to avoid detection, any business that is concerned with protecting the integrity of its critical systems and sensitive data must be constantly vigilant to protect against newly emerging malware versions.
Concerned that your company is vulnerable to a malware attack? Our security experts can help you evaluate and improve your current cyber security standards. Contact us today at (518) 459-6712 or info@pnjtechpartners.com to learn more.