Adwind malware attacks various
industries worldwide -Kaspersky

February 27 2017 2:56 PM


Image from Kaspersky Lab
Image from Kaspersky Lab

Businesses from various industrial sectors in over 100 countries and territories including the Philippines were successfully attacked by Adwind malware, a stealthy tool available as malware-as-a-service.

Kaspersky Lab has unmasked these new attacks which were able to infect more than 1,500 organizations from sectors like retail and distribution, architecture, construction and more.

Kaspersky Lab has detected a massive new hit by the Adwind Remote Access Tool (RAT). The attacks have impacted various industrial sectors, including retail and distribution (20.1 percent), architecture and construction (9.5 percent), shipping and logistics (5.5 percent), insurance and legal services (5 percent) and consulting (5 percent).

Adwind’s victims receive e-mails sent in the name of the HSBC Advising Service (from the domain), with payment advice in the attachment.

According to Kaspersky Lab research, the activity of this email domain can be tracked back to 2013.

Instead of instructions, the attachments contain the malware sample. If the targeted user opens the attached ZIP file, which has a JAR file in it, the malware self-installs and attempts to communicate with its command and control server.

The malware allows the attacker to gain almost complete control over the compromised device and steal confidential information from the infected computer.

The geographical distribution of attacked users registered by the Kaspersky Security Network (KSN) during this period shows that almost half of them (more than 40 percent) were living in the following countries:

1. Malaysia
2. United Kingdom
3. Germany
4. Lebanon
5. Turkey
6. Hong Kong
7. Kazakhstan
8. United Arab Emirates
9. Mexico
10. Russian Federation

In 2016, Kaspersky lab reported attacks made with the Adwind RAT, a cross-platform, multifunctional malware program also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRat, which is distributed through a single malware-as-a-service platform.

One of the main features that distinguishes the Adwind RAT from other commercial malware is that it is distributed openly in the form of a paid service, where the “customer” pays a fee to use the malicious program.

According to the results of the investigation, which was conducted between 2013 and 2016, different versions of the Adwind malware have been used in attacks against at least 443,000 private users, commercial and non-commercial organizations around the world.

In order to protect yourself and your organization against this threat, Kaspersky Lab encourages enterprises to limit the use of Java to isolated applications that are impossible to run without the use of this platform.

In a similar way to financial operations, Java applications can be isolated with maximum security principles applied to them.

Kaspersky Lab’s solutions offer a wide variety of Application Control features to set the granular policy, and monitor and control the use of specific applications on corporate endpoints.