{"id":409337,"date":"2020-06-20T08:48:06","date_gmt":"2020-06-20T06:48:06","guid":{"rendered":"https:\/\/businesstech.co.za\/news\/?p=409337"},"modified":"2020-06-23T07:33:16","modified_gmt":"2020-06-23T05:33:16","slug":"eset-investigations-uncover-dangerous-linkedin-and-invisimole-attacks-on-companies","status":"publish","type":"post","link":"https:\/\/businesstech.co.za\/news\/industry-news\/409337\/eset-investigations-uncover-dangerous-linkedin-and-invisimole-attacks-on-companies\/","title":{"rendered":"ESET investigations uncover dangerous LinkedIn and InvisiMole attacks on companies"},"content":{"rendered":"<p>While the world is focused on fighting COVID-19, companies still need to defend themselves against the spread of another dangerous threat \u2013 malware.<\/p>\n<p>This was highlighted during the first day of ESET\u2019s Virtual World 2020 conference, as researchers broke down two specific attacks on aerospace, defence and military organisations.<\/p>\n<ul>\n<li><a href=\"https:\/\/www.eset.com\/za\/business\/b2b-lead-gen\/?utm_source=BusinessTech&amp;utm_campaign=ESET&amp;utm_term=June_2020\" target=\"_blank\" rel=\"noopener noreferrer\">Click here to visit the ESET website for world-leading cyber security software.<\/a><\/li>\n<\/ul>\n<p>Through social engineering techniques and the deployment of multi-stage malware, malicious actors were able to access systems containing sensitive company information.<\/p>\n<h3 class=\"my-4\"><strong>LinkedIn-based attack<\/strong><\/h3>\n<p>In the first attack \u2013 dubbed Operation In(ter)ception &#8211; attackers impersonated recruiters from reputed aerospace and defence companies on LinkedIn.<\/p>\n<p>They would then start a conversation with employees of these companies\u2019 rivals, praising their abilities and claiming to offer a job working for the competition.<\/p>\n<p>A decoy PDF file which appears to show details of the package for the position would then be sent to the employee.<\/p>\n<p>Once downloaded, 
this file deploys a malicious payload to the victim\u2019s computer, allowing the attackers to gain a presence on it.<\/p>\n<p>The attackers then deployed sophisticated custom multi-stage malware disguised as legitimate software and altered versions of open-source tools to query and grab employee information as well as business-related and technical data.<\/p>\n<h3 class=\"my-4\"><strong>InvisiMole<\/strong><\/h3>\n<p>ESET also investigated another threat, dubbed InvisiMole, which first surfaced in 2013.<\/p>\n<p>The spyware tool has extensive espionage capabilities, and when installed on a system it can perform the following tasks:<\/p>\n<ul>\n<li>Record voice<\/li>\n<li>Take screenshots<\/li>\n<li>Access geo-location<\/li>\n<li>Take photos or videos with the webcam<\/li>\n<li>Steal documents<\/li>\n<\/ul>\n<p>An enhanced version of InvisiMole targeted diplomatic missions and military organisations, managing to deploy 30 weaponised applications and documents on their networks and preparing 8,000 documents for exfiltration.<\/p>\n<p>By collaborating with affected companies, ESET was able to uncover an extensive toolset used for the delivery, lateral movement and execution of InvisiMole\u2019s backdoors.<\/p>\n<p>One of the other notable findings of the investigation was that the InvisiMole group\u2019s malware was an upgraded version of Gamaredon malware, suggesting collaboration between the two parties.<\/p>\n<h3 class=\"my-4\"><strong>Taking action<\/strong><\/h3>\n<p>These attacks are evidently well-organised and sophisticated.<\/p>\n<p>This should be a warning to companies to ensure their cybersecurity measures are sufficient to deal with similar attacks.<\/p>\n<p>Firstly, employees must be educated on the complexities of these attacks and made aware of their key markers, which could include:<\/p>\n<ul>\n<li>Grammar and language mistakes in messages.<\/li>\n<li>Pressure on the target to react immediately.<\/li>\n<li>Suspicious instructions on 
how to manipulate files on the victim\u2019s computer.<\/li>\n<\/ul>\n<p>While prevention is the best option, any network is only as secure as its weakest link, and companies need to be prepared for when employees slip up.<\/p>\n<p>Important proactive measures include the following:<\/p>\n<ul>\n<li>Blocking access to large file hosters on which payloads and information are stored.<\/li>\n<li>Using a program like AppLocker to control which programs can be executed.<\/li>\n<li>Keeping security software up to date.<\/li>\n<\/ul>\n<h3 class=\"my-4\"><strong>ESET\u2019s capabilities<\/strong><\/h3>\n<p>ESET employs over 1,800 staff members around the world, many of whom work in research and development.<\/p>\n<p>ESET offers world-class cybersecurity solutions and expertise to its clients, protecting more than 100 million of these clients\u2019 employees across the world.<\/p>\n<p>Its major clients include Google Chrome, the Google Play Store and Canon.<\/p>\n<p>Through ESET\u2019s various solutions, more than 2 billion devices are directly or indirectly protected.<\/p>\n<p><strong><a href=\"https:\/\/www.eset.com\/za\/business\/b2b-lead-gen\/?utm_source=BusinessTech&amp;utm_campaign=ESET&amp;utm_term=June_2020\" target=\"_blank\" rel=\"noopener noreferrer\">Click here to visit the ESET website for world-leading cybersecurity solutions.<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers from ESET have broken down attacks on aerospace, defence and military organisations which emphasise the need for companies to exercise robust cybersecurity practices. 
<\/p>\n","protected":false},"author":57,"featured_media":409339,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10459],"tags":[3420],"class_list":["post-409337","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry-news","tag-eset"],"_links":{"self":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/409337","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/users\/57"}],"replies":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/comments?post=409337"}],"version-history":[{"count":3,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/409337\/revisions"}],"predecessor-version":[{"id":409797,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/409337\/revisions\/409797"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/media\/409339"}],"wp:attachment":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/media?parent=409337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/categories?post=409337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/tags?post=409337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}