A vendor research team has discovered a new malware sample designed for use in targeted attacks. Experts say the discovery, the latest in a growing series of targeted malware samples found in the wild, further proves targeted malware has become the weapon of choice for enterprise attackers.
Cybercriminals are realizing the advantage of a targeted attack instead of a widespread attack.
senior technology consultant,
Last week, W32.Disttrack became the most recent targeted malware sample discovered in the wild. Also known as Troj/Mdrop-ELD or the Shamoon attacks, Disttrack targets organizations in the energy sector, according to a blog post on Disttrack by Cupertino, Calif.-based antimalware giant Symantec Corp.
According to Symantec, it's a worm that spreads through network shares. It also corrupts files and overwrites a system's Master Boot Record (MBR) in an effort to render a computer unusable. Overwriting the MBR is an old malware tactic, experts said. It has become less popular with time, said Graham Cluley, senior technology consultant at U.K.-based security vendor Sophos Ltd., because it signals a computer user that his or her system has been compromised.
Damage done by Disttrack can be reversed, according to Sophos. The files Disttrack overwrites are non-critical and infected machines can be fixed by employing the "fixmbr" system command.
However, security experts agree that targeted malware attacks against enterprises are quickly becoming the norm.
"Cybercriminals are realizing the advantage of a targeted attack instead of a widespread attack," said Cluley, because they enable attackers to focus on specific information and can delay detection of the malware, due to the lower number of people or enterprises affected in an attack.
From the editor: More on targeted attacks
Countermeasures against targeted
attacks in the enterprise
Learn how to be prepared for social engineering and other data mining attacks that can root out personal identifiable information.
How to collect Windows Event logs to detect
a targeted attack
Learn how to gather enterprise-specific intelligence by collecting and analyzing information about specific devices, data and activities within the organization.
Recent targeted malware instances include Duqu, Stuxnet and Flame. Another recent discovery, Gauss, was identified earlier this month. Mac security vendor Intego Inc. also recently identified Crisis, a Mac OSX Trojan designed for targeted attacks against Apple endpoints.
Cluley said the directional shift in malware attacks from widespread to targeted signals a new era of cybercrime. Stephen Cobb, security evangelist at San Diego-based security vendor ESET LLC, said cybercriminals have not only changed their focus, but also the methods they use to develop malware.
Cobb said attackers have industrialized malware by dividing the creation of a threat into tasks allowing criminals to specialize in a part of the process. This, he said, makes it quicker to deploy devastating malware.
Enterprise security teams should be aware of the increasing number of targeted attacks, Cluley said, and should have layered defenses to protect against them.
"Like in a prison, you don't just have one gate or one door to get out," he said. Instead, an enterprise needs a defense that includes up-to-date security patches, up-to-date antivirus software, good encryption of sensitive documents and a strong password policy. He added that it is also important to pay attention to how data moves within an enterprise, so as to anticipate weak points where attackers might try to get it.
Cobb added that the No. 1 failing in security is that companies too often do not educate their users. He emphasized that enterprise security teams should not only inform employees of good security practices, but also keep them updated as threats evolve.
"If you were serious about security before, be more serious; if not, get serious now," Cobb said.