Malware that Targets Specific Industries

in #security, 7 years ago (edited)

Should a specific industry be flattered when it gets specifically targeted with malware? Probably not. But action is warranted.

Returning RAT 

The recently updated Adwind RAT has been modified to specifically target the aerospace industry. It is a Java-based, cross-platform Remote Access Trojan (RAT), capable of infecting Windows, Mac, Linux, and Android systems.

Adwind has many names and has been in circulation since 2013. What is unusual is that the latest release seems to be targeting a specific industry. According to researchers, it has re-emerged to “target enterprises in the aerospace industry, with Switzerland, Austria, Ukraine, and the US the most affected countries.”

Directed Attacks 

The key takeaway here is that certain attackers are specializing their tools and techniques to zero in on specific targets. These 'directed' attacks must be treated differently. The threat agents have specific businesses or organizations as goals and will persist until satisfied.    

That means just having good or better-than-average security is not enough. A focused adversary will not be distracted or easily lured away. Such attackers will follow the path of least resistance in their maneuvering while continuing to go after their specific prey. Even when facing strong defenses, they persist and look for the weakest area to attack. They will ignore other, potentially easier victims that are not aligned with their objectives.

Such attacks, with a specific target in mind, are incredibly difficult to defeat. In most cases it is just a matter of time before a vulnerability is found and exploited, resulting in a compromise. Rapid detection and response can limit the impact, but some damage should be expected.    

Highly motivated, resourced, and skilled persistent threats represent one of the worst scenarios for defenders to deal with. Finding such customized malware is a clear warning sign for those in that industry, in this case aerospace. If you find yourself in the sights of such an enemy, it is recommended to re-evaluate your posture (predictive, preventative, detective, and response controls) and risk acceptance level.  You may be in for a brutal fight.     


Image Source: http://thehackernews.com/2017/07/adwind-rat-malware.html      


Interested in more? Follow me on LinkedIn, Twitter (@Matt_Rosenquist), Information Security Strategy, and Steemit to hear insights and what is going on in cybersecurity. 


"Highly motivated, resourced, and skilled persistent threats represent one of the worst scenarios for defenders to deal with."

Excellent point, Spartan!

In the flowchart, image number 4, it says Visual Basic script. For it to be cross-platform, would that not be JavaScript? I am not questioning the prowess of the hackers, but Visual Basic? That terrifies me.

VBScript

At least with Unix/Linux, and MAC, I thought I was safe from rogue vbscripts.

Good question. I don't know. I didn't do the teardown myself. I recommend checking out Trend Micro's site for a more detailed analysis of this malicious critter http://blog.trendmicro.com/trendlabs-security-intelligence/spam-remote-access-trojan-adwind-jrat/

Sure, now you want me to click on a link. :-)

Thanks for the follow-up, I'll take a look.

Is malware sometimes used to target an industry by one firm in that industry out to damage its competitors?

Not normally. The risks are high if a company is caught using malware for criminal purposes. But that is not to say it has never happened.

Interesting topic, this article made me more conscious about internet security in our industries even at our homes. Thanks

Nowadays it is increasing day by day!!

Internet is scary man! What you gonna do! :(

My god you have to protect yourself more from those attacks, thank you muhas for the information brother, greetings

Excellent post, it is worth translating into Spanish. You have earned a loyal follower, greetings from Venezuela, I'm going to Resteem it.

Thanks for sharing @mrosenquist
