A surge in malicious attacks was exposed by researchers yesterday. This series of attacks is particularly worrisome since it is reported to be targeting industrial and engineering companies in 30 countries across the globe.
In this new campaign, nicknamed "Operation Ghoul" by the researchers, the cybercriminals use spear-phishing emails loaded with malicious spyware to steal valuable corporate data.
Spear phishing is a form of targeted email scam aimed specifically at an individual or organization. By sending out carefully crafted emails with identifiable personal data, the attackers make it appear that the messages are coming from legitimate and trusted sources.
If the victim falls for the trap and opens a malicious attachment or link, spying malware and data theft software could then be installed on a machine or a network, leading to more attacks.
Operation Ghoul was first detected in June of this year. Emails that appeared to be sent from a United Arab Emirates bank began appearing in the inboxes of high- and mid-level managers of various companies. The emails appeared to have valid payment information, but they actually contained a malicious SWIFT attachment that installs spying malware on the victim's machine.
The attached malware is said to be derived from the HawkEye set of spyware tools, obtainable from the Dark Web. Once installed, the malware collects vital information such as keystrokes, clipboard data, installed applications, and account data from browsers and email/messaging clients.
The sensitive data is relayed to the attacker's remote servers for parsing and storage. It could then be used to launch more attacks or sold on the black market.
Based on the information gathered by investigators, the victims of this new spear-phishing campaign are mostly industrial and engineering organizations. Operation Ghoul may be a new large-scale industrial espionage attack launched specifically for financial gain by a known cybercriminal group that security experts have been tracking since March 2015.
This same group is reportedly still active and has successfully attacked more than 130 organizations from 30 countries around the world, including the U.S.
How to protect yourself from Operation Ghoul
To protect yourself and your company from Operation Ghoul and other spear-phishing attacks, follow these guidelines:
- Don't download unsolicited email attachments, especially from unknown sources.
- Don't click on links in suspicious emails.
- Don't trust "official" emails from companies you don't do business with.
- Take a second to look at any "official" emails before you follow any instructions.
It's also critical to educate company staff on how to spot phishing emails and provide them with information on how to prevent such attacks. Lastly, reliable security software is a must for stopping malware before it does damage.