USBs threats are back

Issue 4 2021 Cyber Security

Kaspersky has uncovered a rare, wide-scale advanced persistent threat (APT) campaign against users that was first detected in Southeast Asia. Kaspersky identified approximately 1500 victims, some of which were government entities. Initial infection occurs via spear-phishing emails containing a malicious Word document; once downloaded on one system, the malware can then spread to other hosts through removable USB drives.

Advanced persistent threat campaigns are, by nature, highly targeted. Often, no more than a few dozen users are targeted, often with surgical-like precision. However, recently Kaspersky uncovered a rare, widespread threat campaign with a rarely used, yet still a movie-like attack vector. Once downloaded on a system, the malware attempts to infect other hosts by spreading through removable USB drives. If a drive is found, the malware creates hidden directories on the drive, where it then moves all of the victim’s files, along with the malicious executables.

This cluster of activity — dubbed LuminousMoth — has been conducting cyberespionage attacks against government entities since at least October 2020. The attackers typically gain an initial foothold in the system through a spear-phishing email with a Dropbox download link. Once clicked on, this link downloads a RAR archive disguised as a Word document that contains the malicious payload.

Kaspersky experts attribute LuminousMoth to the HoneyMyte threat group, a well-known, long-standing, Chinese-speaking threat actor, with medium to high confidence. HoneyMyte is primarily interested in gathering geopolitical and economic intelligence in Asia and Africa.

“This new cluster of activity might once again point to a trend we’ve been witnessing over the course of this year: Chinese-speaking threat actors re-tooling and producing new and unknown malware implants,” comments Mark Lechtik, senior security researcher with the Global Research and Analysis Team (GReAT) at Kaspersky.

Find out more at www.kaspersky.co.za




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Intelligently adapting African cities for a better as well as a safer life
Government and Parastatal (Industry) Cyber Security
Smart buildings and cities therefore require as much a security-centric approach as they do an environmentally sustainable one.

Read more...
Smart city, smarter security
Government and Parastatal (Industry) Cyber Security
Henk Olivier, MD of Ozone Information Technology Distribution, unpacks the importance of smart and secure in the city of the future.

Read more...
Tackling cyber threats in the post-pandemic era
Cyber Security
Cybercrime costs are expected to increase by 15% each year over the next five years, reaching US$ 10,5 trillion by 2025.

Read more...
Cybersecurity for the board of directors
Editor's Choice Cyber Security
Bike-shedding is a common distraction in boardrooms, especially when discussing issues board members are responsible for, but don’t understand – like cybersecurity.

Read more...
Make connected home security as easy as plugging in a router
Cyber Security IT infrastructure
Service providers can now deploy gateway security services for the entire home in weeks, not months.

Read more...
Changing cybersecurity in South Africa
News Cyber Security
NEC XON plans to change cybersecurity solutions in South Africa, helping customers balance risk management and cybersecurity investment, transform capex to opex and automate activities to reduce costs through managed security services.

Read more...
Cybersecurity for operational technology: Part 3
Cyber Security Industrial (Industry)
According to a recent World Economic Report, the Covid-19 pandemic has increased our reliance on the global supply chain, while the Internet has accelerated the digitisation of business processes.

Read more...
App-less authentication offers business, security benefits
Cyber Security
GSM authentication offers an app-less, truly out-of-band, secondary factor that is both low friction and simple to implement for companies looking to protect all customers against fraud.

Read more...
Cloud can cut your security risks
Cyber Security
Todd Schoeman, BT client business director in South Africa, explores the ways that organisations can reduce security risk by using the cloud.

Read more...
Combating fraud in the digital world with the support of AI
Cyber Security
With technology evolving and people embracing the likes of mobile wallets, banking apps and other solutions to manage transactions, businesses must rethink how best to bolster anti-fraud mechanisms.

Read more...