International equipment and software suppliers for the industrial sector last May suffered targeted malware attacks that employed numerous unconventional techniques to evade detection, report Kaspersky ICS CERT experts in a recent blog post.
By using steganography to conceal malicious data within another file and abusing legitimate web resources to host the malware, the attackers made infection attempts highly difficult to detect, although Kaspersky said that in all cases that were identifiable, the malware was blocked by its solutions, preventing additional attacks.
The targeted suppliers, which, if compromised, could have been abused as a stepping stone to later attack their industrial enterprise clients, are based in Japan, Italy, Germany and the U.K. The contractors were sent phishing emails that were customized to their local languages and contained Microsoft Office documents with malicious, obfuscated macros. If the localization of the intended victim's operating system didn't match the language used in the phishing email, the malware would not fully execute.