Social engineering is delivering results for malware attackers and spammers, who combine it with customized malware to gain unauthorized access to sensitive information
BANGALORE, INDIA: With several targeted threats making news since 2010, starting with Stuxnet, Duqu and more recently, Flamer, a new threat has been identified - Trojan.Madi which is capable of stealing information and includes keylogging functionality.
The Madi attack relies on social engineering techniques to get onto targeted computers. The modus operandi observed in the Madi campaign is to send the user an email with a malicious PowerPoint attachment. Once opened, a series of video stills is displayed showing a missile destroying a jet plane, holding the user's interest. During the final PowerPoint slide, a dialog window asks the user for permission to run an executable file; if the user agrees, the Trojan is installed and gains access to valuable information.
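The delivery described above hinges on an executable carried inside a slide deck. One check a mail-gateway or triage script can apply, added here as an illustration and not part of the article or of Symantec's tooling, is to open the attachment as an OOXML container and list any embedded object with an executable extension. The OOXML (.pptx/.ppsx) layout, the `ppt/embeddings/` path, the extension list and the constructed sample deck are all assumptions of this example; the article does not state which PowerPoint format Madi used.

```python
import io
import zipfile
from typing import List, Optional

# Extensions that have no business appearing as embedded objects in a
# presentation (assumed list for this example).
SUSPICIOUS_EXTENSIONS = (".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js")


def find_embedded_executables(deck_bytes: bytes) -> List[str]:
    """Return the archive paths of embedded objects in an OOXML presentation
    whose names carry an executable extension.

    Raises ValueError if the bytes are not a ZIP container at all, so a
    caller can route non-OOXML (e.g. legacy OLE .pps) files to a different
    analyser instead of silently treating them as clean.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(deck_bytes)) as deck:
            hits = []
            for name in deck.namelist():
                lower = name.lower()
                # OOXML stores embedded OLE packages under ppt/embeddings/
                if not lower.startswith("ppt/embeddings/"):
                    continue
                if lower.endswith(SUSPICIOUS_EXTENSIONS):
                    hits.append(name)
            return hits
    except zipfile.BadZipFile as exc:
        raise ValueError("attachment is not an OOXML (zip) container") from exc


def build_sample_deck(embedded_name: Optional[str]) -> bytes:
    """Construct a minimal zip that mimics the layout of an OOXML presentation.

    This is a constructed sample for the example, not a real Madi document;
    the embedded payload is a placeholder byte string.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/presentation.xml", "<presentation/>")
        z.writestr("ppt/slides/slide1.xml", "<sld/>")
        if embedded_name:
            z.writestr(f"ppt/embeddings/{embedded_name}", b"MZ-placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, deck in (
        ("deck with embedded .exe", build_sample_deck("oleObject1.exe")),
        ("deck with embedded image", build_sample_deck("image1.png")),
        ("deck with no embeddings", build_sample_deck(None)),
    ):
        print(label, "->", find_embedded_executables(deck) or "clean")
```

The extension check only catches packages stored under their own name; an executable wrapped in a generic `oleObjectN.bin` compound file needs the OLE stream parsed before its real name is visible, so in practice this check sits in front of a fuller OLE analyser rather than replacing it. The ValueError path matters for the same reason: a legacy binary .pps is not a zip, and a script that returned an empty list for it would give a false sense of safety.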
Symantec has observed the Trojan communicating with command-and-control servers hosted in Iran and, more recently, Azerbaijan. Targets of the Madi campaign appear to be all over the spectrum but include oil companies, US-based think tanks, a foreign consulate, as well as various governmental agencies, including some in the energy sector. Although Madi has been seen targeting various Middle Eastern countries, it has also been found across the globe from the United States to New Zealand.
Targets like Iran, Israel, and Saudi Arabia might suggest the involvement of a nation state; however, our research has not found evidence that this is the case. Recently, the June Symantec Intelligence Report observed that globally the Defence industry (a sub-category of the Public Sector) has been the targeted industry of choice in the first half of the year, with an average of 7.3 attacks per day.
According to Symantec, social engineering is delivering results for malware attackers and spammers, who combine it with customized malware to gain unauthorized access to sensitive information. While there are endless variations of social engineering attacks on the rise, the basic premise of the scam is that someone the victim is connected to via a social network posts a status message, sends an instant message, or sends an email with an attachment; the social network itself is used to increase the effectiveness of the attack.
Making use of social networks, hackers use profile information to create targeted social engineering attacks, impersonate friends to launch attacks, and leverage news feeds to spread spam, scams and massive attacks. In a social-media-crazed world, 'social obscurity' and 'physical isolation' are no longer paths that one can take. All it takes is one weak link to establish a beachhead from which to penetrate further inside an organization.
(The author is VP & MD, India Product Operations, Symantec)