New targeted attack strategies used against industrial companies

No Comments
industrial skyline

A new, rapidly evolving, series of spyware campaigns attacking more than 2,000 industrial enterprises around the world has been uncovered by experts at Kaspersky.

Although the malware used in these attacks belongs to well-known commodity spyware families, they stand out from the mainstream due to the very limited number of targets in each attack -- no more than a few dozen -- and the very short lifetime of each malicious sample.

Close analysis of 58,586 samples of spyware blocked on ICS computers in the first half of 2021 reveals that around 21.2 percent of them were part of this new limited-scope and short-lifetime attack series. Their lifecycle is limited to about 25 days, which is much less than the lifespan of a traditional spyware campaign.

Another interesting feature is that most of these campaigns are spread from one industrial enterprise to another via well-crafted phishing emails. Once inside the victim's system, the attacker uses the device as the next-attack's command and control server. With access to the victim's mailing list, criminals can then spread the spyware even further.

"‘Throughout 2021, cybercriminals extensively used spyware to attack industrial computers, and today we witness a new rapidly evolving trend in the industrial threat landscape," says Kirill Kruglov, security expert at Kaspersky ICS CERT. "To avoid detection, criminals shrink the size of each attack and limit the use of each malware sample by quickly enforcing its replacement with a fresh-built one. Other tactics include the vast abuse of corporate email infrastructure to spread malware. This is different from anything we've observed in spyware before and we anticipate such attacks to gain traction in the year ahead."

Kaspersky experts have identified more than 25 different marketplaces where the stolen credentials from these industrial campaigns are being sold. Analysis of those marketplaces shows high demand for corporate account credentials, especially for Remote Desktop Accounts (RDP). Over 46 percent of all RDP accounts sold in analyzed marketplaces are owned by companies in the US, while the rest originate from Asia, Europe, and Latin America.

You can find out more on the Kaspersky ICS CERT site.

Image Credit: panimoni / depositphotos.com

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

Firefox Nightly expands to Linux on ARM64

How writing zip support for Windows almost cost its creator his job at Microsoft

Apple AirPlay comes to IHG Hotels and Resorts

Millennials are key targets for phishing

Get 'Applied Machine Learning and AI for Engineers' (worth $67.99) for FREE

Best Windows apps this week

The dynamics of modern Windows device management [Q&A]

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

61 Comments

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

18 Comments

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

17 Comments

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

16 Comments

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

16 Comments

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

12 Comments

Easter giveaway! Get a licensed copy of 'VideoProc Converter for Windows/Mac' (worth $78.90) for FREE

10 Comments

EndeavourOS ARM discontinued: A huge loss for the Linux community

9 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.