A new report by Kaspersky Labs has found that the number of cyberattacks against Internet users interested in the conflict in Syria is growing. Organized groups of cybercriminals are utilizing increasingly sophisticated versions of malware to target media outlets, dissidents and activists sharing information about the civil war in the country. Researchers found over 100 different types of malicious files, and they believe more than 10,000 people have been compromised as a result of the malware campaign. According to the report, some of the files have been downloaded over 2,000 times.
Kaspersky researchers found that the network of cybercriminals behind the scheme is using advanced social engineering techniques, as well as modifying legitimate apps to make them malicious, in order to infect devices. According to the report, researchers believe this is only the beginning of a much larger, more sophisticated attack campaign.
"We expect these attacks to continue and evolve both in quality and quantity," the report stated. "We expect the attackers to start using more advanced techniques to distribute their malware, using malicious documents or drive-by download exploits. With enough funding and motivation they might also be able to get access to zero day vulnerabilities, which will make their attacks more effective and allow them to target more sensitive or high profile victims."
The majority of the malicious files currently being deployed by the group are remote access tools disguised as legitimate documents. One RAT found by the researchers is downloaded when victims try to view the National Security Program, a phony application that allegedly contains the names of all the people wanted by the government of Syrian president Bashar al-Assad. The use of RATs is worrying because they are capable of giving cybercriminals complete control over infected systems' functions, including activation of cameras and microphones, keylogging and access to any stored data or credentials.
The malicious actors also appear to be, ironically, preying on people's fears of falling victim to a data breach by sharing fake messages warning of an imminent cyberattack. The cybercriminals share information about "Ammazon [sic] Internet Security", a fake security application that offers users no protection and installs a RAT on their device instead.
Protecting enterprise systems from malware
The majority of the RATs being used by the group should be easily identified by most antivirus programs, but obfuscation techniques are being deployed to make the malware undetectable. When traditional antivirus programs or firewalls aren't enough, a security information and event management service can help to fill in the gaps. Concierge SIEM solutions provide constant monitoring of enterprise systems, and the data collected is analyzed and used to provide reliable information about the threats facing a company at any given time. SIEM services look for activity around the clock so no suspicious behavior or security incident will go unnoticed, ensuring network security and providing peace of mind.