Advanced persistent threats (APTs), once the province of hackers hired to spy on foreign governments and to gather intelligence, are no longer a rarity in the world of cybercrime – cybercriminals are now using them to make money, according to new research from security solutions provider Sophos Ltd.
In a blog post from Sophos Labs, security researcher Gabor Szappanos wrote that in early 2013, hackers were using exploits in Microsoft Office with DOC, XLS, and RTF files to launch targeted attacks.
Typically, patches would eventually appear and the attacks would no longer be effective. But then, these attacks began spreading from the APT community and into the bigger world of cybercrime.
At first, Sophos researchers only observed classic APT malware families, but in March 2013, they began spotting Zeus malware in the wild. With this kind of malware, attackers use bots and zombies to steal banking credentials, like usernames, passwords, and the access codes used in the two-step authentication process when people log into their bank accounts.
And there seem to be more attacks on companies that wouldn’t have been expected to be targets in the past, Szappanos wrote.
He pointed to Sophos’ collection of different samples of malware, scooped up from voluntary detection reports from Sophos product users, Google’s VirusTotal malware submission program, and collections from other security organizations.
All told, Sophos researchers uncovered about 34,250 detection reports of malware from 4,335 “booby-trapped” documents, belonging to 86 different malware families.
“A much larger user population is now being targeted and infected by the set of exploits listed above.When a small number of people end up infected by a narrowly-focused attack mounted by artisan operatives in an intelligence service, that damages our economy,” Szappanos wrote in his post.
“When a large number of people end up infected by industrial-scale plunderers from the cyberunderworld, that damages our economy even more heavily. Sadly, these two sorts of digital criminality are no longer as compartmentalised as they used to be.”
For organizations and consumers looking to protect themselves, they should search for an anti-virus solution that includes an HIPS detection feature, Szappanos wrote.
Plus, organizations should turn on APT protection features to prevent malware from communicating with outside attackers, and they should use tools that will assess their patches to make sure they’re not missing any updates.