Kaspersky Lab senior security researcher Seongsu Park details the technique used by Lazarus in breaching command and control servers of companies around the world, including those in the Asia Pacific region.

 
 

While researching the latest activities of the infamous cybercrime group Lazarus, Kaspersky Lab has uncovered a number of compromised servers being used as part of the threat actor’s global command and control infrastructure. The hacked servers are located around the world, including in the Asia Pacific region.
 

The compromised servers, found in Indonesia, India, Bangladesh, Malaysia, Vietnam, South Korea, Taiwan, and Thailand, among others, could be used by Lazarus to launch targeted attacks against a company or organization.
 

The researchers discovered that the servers had been infected using malware called Manuscrypt, a family the threat actor is known to have used since 2013. They believe that the Manuscrypt malware was installed using an exploit for CVE-2017-7269, a vulnerability in Microsoft Internet Information Services (IIS) 6.0 that was patched by Microsoft on June 13, 2017.
 

Many servers worldwide remain at risk of this exploit. According to open source intelligence, three of the top five countries that still have servers carrying this vulnerability are in the APAC region: China (with 7,848), India (1,524), and Hong Kong (1,102). The U.S. tops the list with the most vulnerable servers (11,949), while the United Kingdom ranks 5th with 805.
 

If the exploit is successful, the malware can hand control of the compromised host to the attacker, who can then easily implant additional malware on the server. Kaspersky Lab researchers have also found several tools on the servers, including an information harvester. Using this kind of information gathering tool, the attacker can steal information from the victim’s own infrastructure.
 

Lazarus is believed to be behind massive and high-profile attacks like the 2014 hack of Sony Pictures, the million-dollar Bangladesh Bank heist in 2016, and the recent WannaCry destructive ransomware epidemic. The Korean-language group is thought to be state-sponsored.
 

“Companies are increasingly worried about being hit by advanced targeted attack groups like Lazarus. Unbeknown to them, their own corporate servers could be infected and manipulated by the hackers against them, or used to launch attacks on others,” says Seongsu Park, Senior Security Researcher at Kaspersky Lab’s Global Research and Analysis Team (GReAT).

 

Park predicts that with these incidents targeting enterprise networks, IT security priorities and processes will need to adapt as customers will require technology that is combined with intelligence and expertise, to protect them from both known and unknown threats.

 

In order to prevent falling victim to such an attack, Kaspersky Lab researchers recommend implementing the following measures:
• Install a robust security solution as part of a comprehensive, multi-layered approach to IT infrastructure security
• Enforce the use of strong passwords as part of the server authentication process
• Implement a continuous process of patch management
• Undertake a regular security audit of the IT infrastructure
• Consider investing in threat intelligence services which will keep the organization informed of emerging threats and offer an insight into the criminal perspective to help them assess their level of risk.
 

For further information on Kaspersky Lab’s threat intelligence services, contact intelreports@kaspersky.com.

 

Further information on Kaspersky Lab’s research on Lazarus can be found at Securelist.com.

