Security Alerts & News
by Tymoteusz A. Góral

#1316 Operation Ghoul: targeted attacks on industrial and engineering organizations
Kaspersky Lab has observed new waves of attacks that started on the 8th and the 27th of June 2016. These have been highly active in the Middle East region and unveiled ongoing targeted attacks in multiple regions. The attackers try to lure targets through spear phishing emails that include compressed executables. The malware collects all data such as passwords, keystrokes and screenshots, then sends it to the attackers.

We found that the group behind this campaign targeted mainly industrial, engineering and manufacturing organizations in more than 30 countries. In total, over 130 organizations have been identified as victims of this campaign. Using the Kaspersky Security Network (KSN) and artifacts from malware files and attack sites, we were able to trace the attacks back to March 2015. Notably, since the beginning of their activities, the attackers’ motivations have apparently been financial, whether through the victims’ banking accounts or through selling their intellectual property to interested parties. Most infiltrated victim organizations are considered SMBs (small to medium-sized businesses, 30-300 employees). The utilization of commercial off-the-shelf malware makes the attribution of the attacks more difficult.

In ancient folklore, the Ghoul is an evil spirit associated with consuming human flesh and hunting kids, originally a Mesopotamian demon. Today, the term is sometimes used to describe a greedy or materialistic individual.