Dubai: Security solutions provider Kaspersky Lab has discovered a new wave of targeted attacks against 130 industrial and engineering sectors from 30 countries around the world, including the UAE.
Using spear-phishing malware (a term used to refer to a variety of forms of intrusive software) and emails, criminals are hunting for valuable business-related data stored in their victims’ networks.
In June 2016, researchers from the Russian company spotted a wave of spear-phishing e-mails with malicious attachments. These messages were mostly sent to the top and middle level managers of numerous companies.
Dubbed Operation Ghoul by Kaspersky Lab, it is the latest among several campaigns that are supposedly controlled by the same criminal group.
“In ancient folklore, the Ghoul is an evil spirit associated with consuming human flesh and hunting kids, originally a Mesopotamian demon. Today, the term is sometimes used to describe a greedy or materialistic individual. This is quite a precise description of the group behind Operation Ghoul,” said Mohammad Ameen Hasbini, security expert at Kaspersky Lab.
He said the emails sent by the attackers are made to appear as if they're coming from a bank in the UAE. The emails looked like “demand for payment” letter from the bank with an attached document, which is actually the malware. Kaspersky declined to name the bank.
“Their main motivation is financial gain resulting either from sales of stolen intellectual property and business intelligence, or from attacks on their victim’s banking accounts,” he said.
Unlike state-sponsored actors, which tend to choose political and business targets very carefully, he said that this group and similar groups are attacking companies indiscriminately. Even though they use rather simple malicious tools, they are very effective in their attacks. Thus companies that are not prepared to spot the attacks will likely suffer.
Hassam Sidani, regional manager for Symantec Gulf, said that UAE’s threat profile has worsened in a global ranking from 49 in 2014 to 41 in 2015 with the numbers of attacks originating in the UAE increasing over the last year.
“The UAE is considered a pivotal gateway to the Middle East and owing largely to its world-class IT infrastructure, connectivity and an attractive business environment, the UAE is a commercial hub for a large number of global organisations. Given its high-profile internationally, the country is a lucrative target for cybercriminals,” he said.
Investigations conducted by Kaspersky Lab researchers showed that the spear-phishing campaign has been tracked by company researchers since March 2015. The June attacks appear to be the most recent operation conducted by this group.