Kaspersky Lab senior security researcher Seongsu Park details the technique Lazarus used to compromise the servers of companies around the world, including those in the Asia Pacific region, and use them as command and control infrastructure.

 
 

While researching the latest activities of the infamous cybercrime group Lazarus, Kaspersky Lab has uncovered a number of compromised servers being used as part of the threat actor’s global command and control infrastructure. The hacked servers are located around the world, including in the Asia Pacific region.
 

The compromised servers, found in Indonesia, India, Bangladesh, Malaysia, Vietnam, South Korea, Taiwan, and Thailand, among others, could be used by Lazarus to launch targeted attacks against a company or organization.
 

The researchers discovered that the servers had been infected using malware called Manuscrypt, a family the threat actor is known to have used since 2013. They believe that the Manuscrypt malware was installed using an exploit for CVE-2017-7269, a vulnerability in Microsoft Internet Information Services (IIS) 6.0 that was patched by Microsoft on June 13, 2017.
 

Many servers worldwide remain at risk of this exploit. According to open source intelligence, three of the top five countries that still have servers carrying this vulnerability are in the APAC region: China (with 7,848), India (1,524), and Hong Kong (1,102). The U.S. tops the list with the most vulnerable servers (11,949), while the United Kingdom ranks fifth with 805.
 

If the exploit is successful, the malware can hand control of the compromised host to the attacker, who can then easily implant additional malware on the server. Kaspersky Lab researchers have also found several tools on the servers, including an information harvester. Using this kind of information-gathering tool, the attacker can steal information from the victim’s own infrastructure.
 

Lazarus is believed to be behind massive and high-profile attacks like the 2014 hack of Sony Pictures, the million-dollar Bangladesh Bank heist in 2016, and the recent WannaCry destructive ransomware epidemic. The Korean-language group is thought to be state-sponsored.
 

“Companies are increasingly worried about being hit by advanced targeted attack groups like Lazarus. Unbeknown to them, their own corporate servers could be infected and manipulated by the hackers against them, or used to launch attacks on others,” says Seongsu Park, Senior Security Researcher at Kaspersky Lab’s Global Research and Analysis Team (GReAT).

 

Park predicts that with these incidents targeting enterprise networks, IT security priorities and processes will need to adapt as customers will require technology that is combined with intelligence and expertise, to protect them from both known and unknown threats.

 

In order to prevent falling victim to such an attack, Kaspersky Lab researchers recommend implementing the following measures:
• Install a robust security solution as part of a comprehensive, multi-layered approach to IT infrastructure security
• Enforce the use of strong passwords as part of the server authentication process
• Implement a continuous process of patch management
• Undertake a regular security audit of the IT infrastructure
• Consider investing in threat intelligence services which will keep the organization informed of emerging threats and offer an insight into the criminal perspective to help them assess their level of risk.
 

For further information on Kaspersky Lab’s threat intelligence services contact intelreports@kaspersky.com

 

Further information on Kaspersky Lab’s research on Lazarus can be found at Securelist.com.

