Hackers have been phishing energy sector employees in an attempt to spy on the companies.
Symantec, an American technology company known largely for its Norton security products, discovered focused multi-stage attacks on energy companies, mostly targeting the Middle East, but also hitting the U.S., U.K., and others.
The attackers spam the employees with emails from a moneytrans.edu domain. Attached to the emails is an Excel document that contains an exploit for the Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (CVE-2012-0158). The attack then uses an information stealer, dubbed Trojan.Laziok, as a data-gathering tool. Once data is gathered, the attackers use it to inject even more malware onto the victim’s computer.
The good news is that the vulnerability they are exploiting, CVE-2012-0158, is old and has been patched. The bad news is that a lot of companies may not be updating regularly.
“Many people still fail to apply patches for vulnerabilities that are several years old, leaving themselves open to attacks of this kind,” Symantec said in their official blog. “From the attacker’s perspective, they don’t always need to have the latest tools at their disposal to succeed. All they need is a bit of help from the user and a lapse in security operations through the failure to patch.”