Kaspersky Lab shines light on recently discovered CozyDuke threat
By Staff Writer, 12 May 2015 | Categories: news
Apart from offering anti-virus software, Kaspersky Lab is diligently at work uncovering all manner of threats affecting consumers, corporations and, in some cases, governments. In the company's Q1 2015 threat analysis, it noted that the number of targeted cyber attacks is expected to grow substantially, with both everyday consumers and large multinationals seen as fair game by cyber criminals.
A Family of Dukes
One new Duke APT (Advanced Persistent Threat), discovered in April this year, is CozyDuke, also known as CozyBear, CozyCar or “Office Monkeys”, the last name in honour of the video it employs as a decoy. Oleg Gorobets, Technology Expert at Kaspersky Lab, offers some advice on how to deal with this newly found threat and mitigate the risk it poses.
"The attack is notably sophisticated, including encrypted components, anti-detection capabilities and a fairly well developed set of malware components that feature structural similarities with earlier MiniDuke, CosmicDuke and Onion Duke threats," notes Gorobets.
Office Monkeys are Dangerous
What is truly worth mentioning, however, and unfortunately a successful approach for many a targeted attack, is that this attack’s initial penetration method is based entirely on social engineering. The attackers offer an extremely funny video about office-working monkeys as bait, hence the name. The archive, which contains the video packaged as an executable, is delivered via spear-phishing emails carrying either the attachment itself or a link to a website, "sometimes a legitimate and even highly-rated site that has already been compromised," Gorobets adds.
While the video plays, the attack's dropper is silently installed into the system, ready to receive commands and second stage malware components from the Command & Control servers.
The reason for this particular APT's success is that the cybercriminals know the targeted individuals will launch the video without fearing it as a threat. Having launched it, they frequently go on to share it around the office with colleagues or at home with family, actively assisting in the malware's distribution. For now, Gorobets says, "given the high profile of the targets, the amount of sensitive information that could potentially be stolen can only be guessed at."
How To Mitigate An Office Monkey Threat
Gorobets notes that several very basic security precautions, or mitigation strategies, work effectively against even the most sophisticated and thoroughly planned APTs. For example, curbing administrative rights, patching vulnerabilities promptly and restricting the set of permitted applications can together mitigate up to 85% of targeted-attack-related incidents.
Gorobets also points to a few solutions available in the Kaspersky Lab software offerings. "Application Control with Dynamic Whitelisting, such as [those] available in Kaspersky Endpoint Security for Business, and Kaspersky Total Security and Kaspersky Security for Virtualization, would be a valuable asset here." He adds that "the Monkey video – as well as the other malware components of CozyDuke – would simply not be able to launch without being previously approved by a system administrator."
Other useful strategies, especially appropriate to government agencies or other highly regulated enterprises, may include:
Using Web Control technology to restrict access to permitted web resources only, limited to those that are work-related, or at least to certain site categories.
Applying e-mail content filtering, as offered by Kaspersky Security for Exchange / Linux Mail, to rule out suspicious emails and attachments (such as archives), perhaps depending on the recipient’s role and seniority.
Using Device Control technology to avoid unsolicited transfers of information through the security perimeter to and from the outside world – or even within the perimeter. As well as helping prevent the spread of malware, this approach can offer protection against some forms of intentional data theft.
Conducting specialised security training for employees, such as that offered by Kaspersky Lab as part of the Security Intelligence Services. This will drive increased awareness and understanding of the dangers they face, even while sitting in their well-guarded offices. It also educates them on how to avoid many seemingly innocent, yet unsafe practices that could cost their business a fortune - or even constitute a threat to their country's security.
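The lure described above (an archive whose "video" is really an executable) and the attachment filtering in the list above can both be illustrated with a small mail scanner. The following is an added example written for this page, not code from the article or from any Kaspersky Lab product; the sample message, addresses, file names and the two-byte "MZ" stub standing in for a real Windows executable are all constructed for the example, and the list of extensions treated as executable is an assumption about what such a filter would block.

```python
"""Spot the "archive with an executable video" lure in a spear-phishing e-mail.

Added example, not code from the article or from Kaspersky Lab. Two checks run
over every attachment and over every member of a zip attachment:
  1. name-based: the file ends in an executable extension (this also catches
     double extensions such as "clip.mp4.exe");
  2. content-based: the file claims to be something else but starts with the
     DOS/PE "MZ" header that Windows executables carry.
The sample message, addresses and file names are constructed for the example.
"""
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage
from typing import List, Optional

# Assumed list of extensions Windows runs directly when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".dll"}
MZ_MAGIC = b"MZ"  # first two bytes of every DOS/PE executable


def _ext(name: str) -> str:
    """Lower-cased last extension of a file name ('Office Monkeys.mp4.exe' -> '.exe')."""
    return os.path.splitext(name)[1].lower()


def classify(name: str, head: bytes) -> Optional[str]:
    """Return a finding for one file, or None if nothing looks wrong."""
    if _ext(name) in EXECUTABLE_EXTS:
        return f"executable member: {name}"
    if head.startswith(MZ_MAGIC):
        return f"PE content behind non-executable name: {name}"
    return None


def scan_zip(data: bytes) -> List[str]:
    """Run classify() over every file inside a zip archive held in memory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(2)  # only the magic bytes are needed
            finding = classify(info.filename, head)
            if finding:
                findings.append(finding)
    return findings


def scan_message(raw: bytes) -> List[str]:
    """Parse a raw RFC 5322 message and report attachments a mail filter should hold."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        finding = classify(name, payload[:2])
        if finding:
            findings.append(finding)
        elif zipfile.is_zipfile(io.BytesIO(payload)):
            findings.extend(f"{name}: {f}" for f in scan_zip(payload))
    return findings


def build_sample(lure: bool) -> bytes:
    """Constructed spear-phish carrying a zip that is either the lure or harmless."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if lure:
            # A fake "video": a PE-style stub named with a media double extension.
            zf.writestr("Office Monkeys.mp4.exe", MZ_MAGIC + b"\x00" * 62)
            # The same stub hiding behind a plain media extension.
            zf.writestr("trailer.avi", MZ_MAGIC + b"\x00" * 62)
        zf.writestr("readme.txt", b"funniest thing you will see today")
    msg = EmailMessage()
    msg["From"] = "a.colleague@example.com"
    msg["To"] = "target@example.com"
    msg["Subject"] = "Office monkeys :)"
    msg.set_content("You have to watch this one.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="office_monkeys.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample(lure=True)):
        print("HOLD:", finding)
```

A production gateway would go further than this: recurse into nested archives, hold password-protected zips outright since their members cannot be inspected, and check any link in the message body against the web-control categories mentioned above. The point of the two checks here is that a name-only rule misses "trailer.avi" and a magic-only rule would be defeated by a packer that rewrites the header, so a filter should apply both.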
To find out more about counter-APT mitigation strategies, visit the Enterprise IT Security Section of Kaspersky Lab's website.