The energy sector has been targeted with a new multi-stage malware attack used to infect company computers and steal sensitive data, reports ZD Net.
Energy companies, primarily based in the Middle East but also in the US, UK, India and elsewhere, are being hit with a new malware program, dubbed Trojan.Laziok, which collects information about infected systems, including the computer's name, RAM size, hard disk size, CPU type and antivirus software. The criminals then use this information to determine whether the computers are suitable for further attacks.
According to Ars Technica, the malware is spread through phishing emails containing malicious documents that exploit a Microsoft Office vulnerability. The Trojan then hides the malicious code in the %SystemDrive%\Documents and Settings\All Users\Application Data\System\Oracle directory, renaming it with seemingly legitimate names, such as search.exe and chrome.exe. Although a fix for the vulnerability has been available since April 2012, many users have yet to apply the patch.
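The directory and file names above can be turned into a simple process-creation hunt. The following is an added example, not code from the article or from ESET: the sample paths are constructed, and the C:\ProgramData form of the directory is an assumption added here because on Windows Vista and later the legacy "Documents and Settings\All Users\Application Data" path resolves to ProgramData.

```python
import ntpath

# Directory named in the article, relative to the system drive (lower-cased).
LEGACY_DIR = r"documents and settings\all users\application data\system\oracle"
# Assumption added for this example: on Windows Vista and later the legacy
# path above resolves to ProgramData, so logs may record this form instead.
MODERN_DIR = r"programdata\system\oracle"
# File names the article gives as examples of the renamed payload.
REPORTED_NAMES = {"search.exe", "chrome.exe"}


def normalise(image_path, system_drive="C:"):
    """Lower-case the path, expand %SystemDrive%, unify separators."""
    p = image_path.strip().strip('"').lower()
    p = p.replace("%systemdrive%", system_drive.lower())
    if p.startswith("\\\\?\\"):          # drop the extended-length prefix
        p = p[4:]
    return ntpath.normpath(p)            # '/' becomes '\', '..' is collapsed


def classify(image_path, system_drive="C:"):
    """Return None, 'staging-dir' or 'reported-name' for one image path."""
    drive, rest = ntpath.splitdrive(normalise(image_path, system_drive))
    folder, name = ntpath.split(rest.lstrip("\\"))
    if drive != system_drive.lower():
        return None
    in_dir = any(folder == d or folder.startswith(d + "\\")
                 for d in (LEGACY_DIR, MODERN_DIR))
    if not in_dir:
        return None
    return "reported-name" if name in REPORTED_NAMES else "staging-dir"


def hunt(image_paths):
    """Return (path, verdict) for every path that falls in the directory."""
    return [(p, v) for p in image_paths if (v := classify(p))]


# Constructed sample of process-creation image paths (not real telemetry).
SAMPLE = [
    r"C:\Documents and Settings\All Users\Application Data\System\Oracle\search.exe",
    "c:/programdata/system/oracle/CHROME.EXE",
    r"%SystemDrive%\ProgramData\System\Oracle\updater.exe",
    r"C:\Program Files\Google\Chrome\Application\chrome.exe",
    r"C:\ProgramData\Oracle\Java\javapath\java.exe",
]

if __name__ == "__main__":
    for path, verdict in hunt(SAMPLE):
        print(f"{verdict:14} {path}")
```

A hit on the directory alone is worth triage even when the file name is not one of the two reported examples, since the article presents those names only as examples.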
Once computers have been infected and the information has been analyzed, the cybercriminals deploy customized versions of the well-known malware strains Backdoor.Cyberat and Trojan.Zbot.
As Computer World notes, a report released earlier this month by the U.S. Industrial Control Systems Cyber Emergency Response Team found that almost 80 percent of the 245 cyber incidents it handled in 2014 involved companies from the energy sector.
The recent attacks on energy companies highlight the importance of applying the latest security patches to your computer software, while also being cautious of unsolicited email attachments. To avoid phishing attacks in the future, remember the advice in our video below.
Author Kyle Ellison, ESET