Malware Campaign Targeting Indian Govt, Military: Cisco Talos Warns

NOIDA: A malicious campaign has been detected that uses two remote access trojans (RATs), a type of malware program, to target government employees and military personnel in India, Cisco Talos said.

The two RATs, NetwireRAT (aka NetwireRC) and WarzoneRAT (aka Ave Maria), are distributed via malicious documents and archives in this campaign.

Cisco Talos, the company’s threat intelligence branch, announced that it has recently detected a cyber attack campaign targeting Indian government employees and military personnel.

Cisco Talos released its findings in a blog post, describing how “Armor Piercer” distributes malicious documents in order to deploy Remote Access Trojans (RATs) and get access to highly classified information pertaining to government and defence institutions.

“The lures used in this campaign are predominantly around operational documents pertaining to ‘Kavach’, a two-factor authentication (2FA) app operated by India’s National Informatics Centre (NIC) and used by government employees to access their emails,” it added.

The first instance of this campaign, according to Cisco Talos, was noticed in December 2020, and it used malicious MS Office documents known as maldocs that were disguised as security alerts, meeting schedules, software installation guidelines, and other materials.

According to the report, the campaign employs several strategies and has evolved to disguise itself and persist in the victim’s environment, evading traditional detection measures.

According to the blog, the campaign has been running since the end of 2020 and is still going strong.

Operation Armor Piercer, according to Cisco Director Security Business (India and SAARC) Vishak Raman, is a sobering reminder of the cybersecurity vulnerabilities that still exist.

“To ensure end-to-end security of India’s most precious assets and information, government and defence agencies must implement a layered defence strategy that enables comprehensive visibility and coverage across all endpoints, accelerates response by leveraging automation and orchestration to enrich data, and reduces massive data sets into actionable insights through AI/ML and data analytics,” Raman said.

How to protect your organization from such threat campaigns?

There is no ‘one solution’ to defend against modern cyber threats. A layered defence with the following characteristics makes for a highly effective cyber defence strategy.

Long Term Steps

1. Expand visibility – Comprehensive coverage across the attack surface (endpoint, email, web, network, cloud, data and apps) is necessary.

2. Reduce data – Apply AI/ML analytics to reduce massive data sets to actionable insights.

3. Accelerate response – Use automation and orchestration to enrich data and apply context across threat defence tools, avoiding silos.

Tactical Steps (Short Term)

1. Continuous monitoring using an EDR – Prevent, detect and respond to threats using suitable Endpoint Detection and Response (EDR) tools. Use managed EDR and threat-hunting services to cover in-house skill gaps. Use automated actions, driven by relevant playbooks, to contain threats as soon as they are discovered.

2. Email Security – Email remains the no. 1 threat vector; it is the attack vector most threat campaigns use to spear-phish their victims and deliver malicious payloads. Use an email security solution that is agnostic to the mail delivery platform and combines advanced threat and phishing protection capabilities.

3. Adaptive MFA – Use adaptive multi-factor authentication to protect email accounts from compromise and takeover. Extend this capability across the enterprise to enable zero-trust access control over the organization’s application footprint.

4. DNS & Web Security – Everything on the Internet starts with recursive DNS, which is the first layer of defence against cyber attacks. Cascade DNS security with web security to block access to command-and-control (CnC) call-backs, phishing and malware domains, and to scan downloads for malware. Monitor shadow IT usage and scan for malware in cloud services beyond the on-prem data centre.

5. Security Analytics and Network Detection & Response – Detect insider threats using ML-based behaviour anomaly detection tools. Identify and contain zero-day threats and malware hidden in encrypted payloads that other layered defence tools miss.

6. XDR – Too many alerts and alarms lead to alert fatigue. Choose an XDR tool that integrates seamlessly with the security control points above, delivering visibility, threat investigation and automated response from a unified platform.
