Kaspersky Lab senior security researcher Seongsu Park details the technique used by Lazarus in breaching command and control servers of companies around the world, including those in the Asia Pacific region.

 
 

While researching the latest activities of the infamous cybercrime group Lazarus, Kaspersky Lab has uncovered a number of compromised servers being used as part of the threat actor’s global command and control infrastructure. The hacked servers are located around the world, including in the Asia Pacific region.
 

The compromised servers, found in Indonesia, India, Bangladesh, Malaysia, Vietnam, South Korea, Taiwan, and Thailand, among others, could be used by Lazarus to launch targeted attacks against a company or organization.
 

The researchers discovered that the servers had been infected using malware called Manuscrypt, a family the threat actor is known to have used since 2013. They believe that the Manuscrypt malware was installed using an exploit for CVE-2017-7269, a vulnerability in Microsoft Internet Information Services (IIS) 6.0 that was patched by Microsoft on June 13, 2017.
 

Many servers worldwide remain at risk of this exploit. According to open source intelligence, three of the top five countries that still have servers carrying this vulnerability are in the APAC region: China (with 7,848), India (1,524), and Hong Kong (1,102). The U.S. tops the list with the most vulnerable servers (11,949), while the United Kingdom ranks fifth with 805.
 

If the exploit is successful, the malware can hand control of the compromised host to the attacker and easily implant additional malware on the server. Kaspersky Lab researchers have also found several tools on the servers, including an information harvester. Using this kind of information gathering tool, the attacker can steal information from the victim’s own infrastructure.
 

Lazarus is believed to be behind massive and high-profile attacks like the 2014 hack of Sony Pictures, the million-dollar Bangladesh Bank heist in 2016, and the recent WannaCry destructive ransomware epidemic. The Korean-language group is thought to be state-sponsored.
 

“Companies are increasingly worried about being hit by advanced targeted attack groups like Lazarus. Unbeknown to them, their own corporate servers could be infected and manipulated by the hackers against them, or used to launch attacks on others,” says Seongsu Park, Senior Security Researcher at Kaspersky Lab’s Global Research and Analysis Team (GReAT).

 

Park predicts that with these incidents targeting enterprise networks, IT security priorities and processes will need to adapt as customers will require technology that is combined with intelligence and expertise, to protect them from both known and unknown threats.

 

To avoid falling victim to such an attack, Kaspersky Lab researchers recommend implementing the following measures:
• Install a robust security solution as part of a comprehensive, multi-layered approach to IT infrastructure security
• Enforce the use of strong passwords as part of the server authentication process
• Implement a continuous process of patch management
• Undertake a regular security audit of the IT infrastructure
• Consider investing in threat intelligence services which will keep the organization informed of emerging threats and offer an insight into the criminal perspective to help them assess their level of risk.
 

For further information on Kaspersky Lab’s threat intelligence services, contact intelreports@kaspersky.com.

 

Further information on Kaspersky Lab’s research on Lazarus can be found at Securelist.com.

