23. January 2022

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents

Researchers discovered that attackers are targeting industrial businesses with spyware operations that look for corporate credentials to utilise for financial gain as well as to cannibalise infiltrated networks to proliferate further attacks. According to researchers at Kaspersky ICS CERT who discovered the campaigns, the campaigns use off-the-shelf spyware but are unique in that they limit the scope and longevity of each sample to the bare minimum. 

In contrast to generic spyware, the bulk of “anomalous” samples were configured to employ SMTP-based (rather than FTP or HTTP(s)) C2s as a one-way communication channel, implying that they were designed primarily for stealing. Researchers believe that stolen data is used mostly by threat operators to spread the assault within the attacked organization’s local network (through phishing emails) and to attack other companies in order to collect new credentials. The attackers exploit corporate email compromised in previous attacks as C2 servers for new assaults.

Researchers have discovered a huge set of campaigns that spread from one industrial firm to another via hard-to-detect phishing emails disguised as the victim companies’ correspondence and abusing their corporate email systems to attack through the contact lists of infected mailboxes. 

Surprisingly, corporate antispam solutions assist attackers in remaining undetected while exfiltrating stolen credentials from infected machines by rendering them ‘invisible’ among all the junk emails in spam folders. As

[…]

Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: