Posted by: TAZ Networks on August 21, 2020 at 12:00 pm
A new malware attack out of North Korea, called BLINDINGCAN, targets government contractors, mainly in the aerospace and defense sectors. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) identified the malware.
Part phishing, part social engineering, the hackers pose as job recruiters with big corporations. Their target? Individuals working with aerospace or defense contracts. First, the hackers involve the target in a fake interview process. Then, they send tampered Microsoft Office documents or PDFs that install the ransomware.
The files may appear to be innocent logos, images, icons, but contain a toxic combination of software. Once installed, the hackers can access a wide range of information on the user’s system, including:
- Operating system (OS) version information
- Processor information
- System name
- Local IP address information
- Media access control (MAC) address
In addition, BLINDINGCAN malware allows the hackers to remotely
- Retrieve information about all installed disks, including the disk type and the amount of free space on the disk
- Create, start, and terminate a new process and its primary thread
- Search, read, write, move, and execute files
- Get and modify file or directory timestamps
- Change the current directory for a process or file
- Delete malware and artifacts associated with the malware from the infected system
Note that last point: Once the damage is done, the malware can then erase all trace of itself from the infected computer!
How to Defeat BLINDINGCAN Malware
CISA recommends general security best practices. These aren’t anything new, necessarily, but a reminder is always good:
- Maintain up-to-date antivirus signatures and engines.
- Keep operating system patches up-to-date.
- Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
- Restrict users’ ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
- Enforce a strong password policy and implement regular password changes.
- Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
- Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
- Disable unnecessary services on agency workstations and servers.
- Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
- Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
- Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs, etc.).
- Scan all software downloaded from the Internet prior to executing.
Keeping up with the latest malware can be an exhausting project. But it’s absolutely critical that even small businesses are alert and keep their systems protected.
You have enough on your plate. Why not let TAZ Networks do the “keeping up” for you? Make an appointment today to get started.
Source: CISA Alert, with help from ZDNet and Bleeping Computer.