JOHANNESBURG – BANKS, telecommunication companies and government organisations in Africa and around the globe are at the mercy of cyber criminals that have breached 40 countries using hidden malware.
The infamous GCMAN and Carbanak groups are the primary suspects.
Kaspersky Lab, the global cybersecurity company, said its experts had discovered a series of “invisible” targeted attacks that use only legitimate software: widely available penetration-testing and administration tools as well as the PowerShell framework for task automation in Windows – dropping no malware files onto the hard drive, but hiding in the memory.
This combined approach helps to avoid detection by white listing technologies, and leaves forensic investigators with almost no arte facts or malware samples to work with.
Experts reported the attackers stay around just long enough to gather information before their traces are wiped from the system on the first reboot.
“The determination of attackers to hide their activity and make detection and incident response increasingly difficult explains the latest trend of
anti-forensic techniques and memory-based malware,” said Sergey Golovanov, Principal Security Researcher at Kaspersky Lab.
He said that was why memory forensics was becoming critical to the analysis of malware and its functions.
“In these particular incidents, the attackers used every conceivable anti-forensic technique; demonstrating how no malware files are needed for
the successful exfiltration of data from a network, and how the use of legitimate and open source utilities makes attribution almost impossible.”
Kaspersky Lab has since uncovered that these attacks are happening on a massive scale: hitting more than 140 enterprise networks in a range of
business sectors, with most victims located in the USA, France, Ecuador, Kenya, the UK and Russia.
– CAJ News