eWhite House Watch - Full Article

Cyberwar Escalates in the Middle East


Author: Sarah Austin


On March 31, 2015 the DHS reported two new malware campaigns spotted in the Middle East.

The first malware campaign is a brand-new information gathering tool called Trojan Laziok. The operators of Trojan Laziok have been targeting oil, gas and helium companies in the Middle East since January 2015. This malware infects the companies’ computer systems via a phishing email that contains an infected Microsoft Excel file. Once the email is opened and the malware has infiltrated the system, it collects vital data and information regarding the companies’ anti-virus protection. Access to information about the companies’ anti-virus protection allows the malware’s operators to remain undetected while continuing to infect the companies system with more advanced malware, such as Cyberats and Zbots, which can record audio and video from the infected computers and monitor keystrokes.

Experts are unsure of the Trojan Laziok operators’ motives, but it is clear that the operators of Trojan Laziok have detected and exploited one of the energy industries major weaknesses: lack of investment in updating their Microsoft software and cybersecurity systems. This exposed weakness makes the energy industry a prime market for both cybercriminals who want to turn a quick profit for themselves, and sophisticated attackers who want to cause severe economic harm to their targets.


The second newly detected malware campaign, called Volatile Cedar, has been attacking Israeli and Lebanese political groups via publicly-facing web servers since 2012. This malware was able to remain undetected for two years because its operators carefully and continuously adapted it to navigate around sophisticated anti-virus protection systems. Volatile Cedar is a tool that gathers information, such as passwords, from the Microsoft servers it infects. After one computer is compromised, the malware spreads rapidly to other computers in the targeted parties’ network. It is also a self-monitoring program equipped with a self-destruct system to protect itself from detection.


The operators of Volatile Cedar are sophisticated attackers. The attackers’ suspected motive is intrastate espionage and a large number of victims are from Lebanon. However, many victims in other countries have yet to be detected. Even since reports of detection a few days ago, the attackers’ have activated a self-destruct command from their control center to prevent investigators from acquiring more information regarding the customized malware system.


Experts have suggested that an increase in threat intelligence sharing could be a significant part of the solution to the cyberwar in the Middle East.


OFFICIAL SOURCE:http://www.dhs.gov/sites/default/files/publications/nppd/ip/daily-report/dhs-daily-report-2015-04-01.pdf


SECONDARY SOURCES:http://www.networkworld.com/article/2904293/lebanese-cyberespionage-campaign-hits-defense-telecom-media-firms-worldwide.html#tk.rss_all





Leave a Reply