Hackers Target Banks in the Middle East


Enterprise & IT | May 23, 2016

In the first week of May 2016, security research firm FireEye identified a wave of emails containing malicious attachments being sent to multiple banks in the Middle East region. The threat actors appear to be performing initial reconnaissance against would-be targets, and the attacks caught the researchers' attention since they were using unique scripts not commonly seen in crimeware campaigns.

The attackers sent multiple emails containing macro-enabled XLS files to employees working in the banking sector in the Middle East. The messages used IT infrastructure themes, such as a Server Status Report log or a list of Cisco Iron Port Appliance details. In one case, the content of the email appeared to be a legitimate email conversation between several employees, even containing contact details of employees from several banks. This email was then forwarded to several people, with the malicious Excel file attached.

One of the interesting techniques observed in this attack was the display of additional content after the macro executed successfully. This was done for the purpose of social engineering – specifically, to convince the victim that enabling the macro did in fact result in the "unhiding" of additional spreadsheet data.

The malicious file is used to collect important information from the system, including the currently logged-on user, the hostname, network configuration data, user and group accounts, local and domain administrator accounts, running processes, and other data, FireEye said.

Another interesting technique leveraged by this malware was the use of DNS queries as a data exfiltration channel. This was likely done because DNS is required for normal network operations. The DNS protocol is unlikely to be blocked (allowing free communications out of the network) and its use is unlikely to raise suspicion among network defenders.
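For defenders, DNS used as a data channel tends to show up as one client sending many distinct, long subdomains under a single parent domain. The following detection sketch is an added example, not code from FireEye or from this article; the log format, the thresholds, the naive two-label parent-domain split and every address and domain in the sample are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample DNS query log, "client qname" per line (not from the report).
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.5 img1.cdn.example.net
10.0.0.5 img2.cdn.example.net
10.0.0.5 img3.cdn.example.net
10.0.0.5 img4.cdn.example.net
10.0.0.5 img5.cdn.example.net
10.0.0.7 3f9a1c07e2b84d56a0.0.tunnel-test.invalid
10.0.0.7 b71e40c9d2a68f3510.1.tunnel-test.invalid
10.0.0.7 0c5d9e2f7a1b384e66.2.tunnel-test.invalid
10.0.0.7 e8a2170b4cf93d5a21.3.tunnel-test.invalid
10.0.0.7 59d0b3e7a4c1f28e03.4.tunnel-test.invalid
10.0.0.7 www.example.com
"""

MIN_UNIQUE = 5     # assumed threshold: distinct subdomains per client and parent
MIN_MEAN_LEN = 16  # assumed threshold: mean characters in the subdomain part

def split_qname(qname):
    # Naive split: last two labels are the parent (production code should
    # consult the Public Suffix List instead).
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return None
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def suspicious_pairs(log_text):
    seen = defaultdict(set)  # (client, parent domain) -> distinct subdomains
    for line in log_text.splitlines():
        parts = line.split()
        parsed = split_qname(parts[1]) if len(parts) == 2 else None
        if parsed is None:
            continue
        seen[(parts[0], parsed[1])].add(parsed[0])
    findings = []
    for (client, parent), subs in sorted(seen.items()):
        total = sum(len(s) for s in subs)  # rough volume carried in names
        # Require both conditions: CDN-style traffic has many short names.
        if len(subs) >= MIN_UNIQUE and total / len(subs) >= MIN_MEAN_LEN:
            findings.append({"client": client, "parent": parent, "unique": len(subs),
                             "mean_len": total / len(subs), "encoded_chars": total})
    return findings

if __name__ == "__main__":
    print(suspicious_pairs(SAMPLE_LOG))
```

The CDN-style lookups in the sample have as many distinct names as the flagged pair but are short, which is why the check requires both conditions before reporting a client.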

The identity of the hackers is not known.

FireEye said Qatar National Bank was not one of the "several banks" in the Middle East where researchers had found the malware.

This attack also demonstrates that macro malware is effective even today. FireEye says that users can protect themselves from such attacks by disabling Office macros in their settings and also by being more vigilant when enabling macros (especially when prompted) in documents, even if such documents are from seemingly trusted sources.

Tags: Hacking