Malware from spying on governments now used in cybercrime, Sophos says

The exploit techniques once reserved for advanced persistent threats (APTs), the hired hackers who spy on foreign governments and gather intelligence, are no longer a rarity in the world of cybercrime: financially motivated criminals are now using them to make money, according to new research from security vendor Sophos Ltd.

In a blog post from SophosLabs, security researcher Gabor Szappanos wrote that in early 2013, attackers were exploiting vulnerabilities in Microsoft Office by sending booby-trapped DOC, XLS and RTF files to launch targeted attacks.

Typically, patches would eventually appear and the attacks would lose their effectiveness. Even so, these exploits began spreading from the APT community into the much larger world of cybercrime, where they still work against anyone who has not applied the patch.

At first, Sophos researchers observed only classic APT malware families being dropped by these documents, but in March 2013 they began spotting the Zeus banking trojan in the wild. Zeus turns infected machines into bots in a botnet and uses them to steal online banking credentials: usernames, passwords, and the one-time codes used in two-step authentication when people log into their bank accounts.

There also seem to be more attacks on companies that would not have been expected targets in the past, Szappanos wrote.

He pointed to Sophos’ collection of malware samples, gathered from voluntary detection reports from Sophos product users, Google’s VirusTotal malware submission service, and the collections of other security organizations.

All told, Sophos researchers counted about 34,250 detection reports from 4,335 “booby-trapped” documents, whose payloads belonged to 86 different malware families.

“A much larger user population is now being targeted and infected by the set of exploits listed above. When a small number of people end up infected by a narrowly-focused attack mounted by artisan operatives in an intelligence service, that damages our economy,” Szappanos wrote in his post.

“When a large number of people end up infected by industrial-scale plunderers from the cyberunderworld, that damages our economy even more heavily. Sadly, these two sorts of digital criminality are no longer as compartmentalised as they used to be.”

For organizations and consumers looking to protect themselves, Szappanos recommended an anti-virus product that includes host intrusion prevention system (HIPS) detection, which catches exploit behaviour rather than relying only on signatures of known samples.

Organizations should also turn on APT protection features that block malware from calling back to the attackers’ command-and-control servers, and use patch assessment tools to make sure no security updates are missing.


Candice So