Just after signing a memorandum of understanding (MoU) with the Smart Africa Alliance last month, Kaspersky Lab has discovered attacks which appear to be using a zero-day exploit for the InPage text editor. The exploit was used in attacks against banks in some Asian and African countries.
A zero-day vulnerability is a hole in software that is unknown to the vendor. Hackers exploit this security hole before the vendor becomes aware of it and hurries to fix it; this exploit is called a zero-day attack. Zero-day attacks can be used to plant malware or spyware, or to allow unwanted access to user information. The term “zero-day” refers to the fact that the hole is unknown to anyone other than the hackers, specifically the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.
InPage is a software package used by Urdu- and Arabic-speaking people and organizations around the world. It has some 19 million users: 10 million in Pakistan, six million in India, two million in the UK, and one million in the US. The text editor is widely used by media and print shops, as well as governmental and financial institutions, such as banks, that work with texts written in Perso-Arabic scripts.
Attacked organizations identified by Kaspersky Lab researchers are located in Myanmar, Sri Lanka and Uganda.
IT News Africa reports that it is not the first time that Kaspersky Lab has seen specific “local” software used to infect victims in a cyber attack. In 2013 the company’s researchers observed similar tactics in the attacks attributed to the Icefog campaign. That time the attacker used malicious HWP documents, which are made to work with Hangul Word Processor, a proprietary word processing application used extensively in South Korea.
Kaspersky Lab analyst Denis Legezo, who found the attacks, said:
“The use of vulnerabilities in specific software with a relatively low global presence and a very narrow target audience is an easy-to-understand tactic. The attackers adjust their tactics to their target’s behavior by developing exploits for custom software which doesn’t always receive the kind of scrutiny that big software companies apply to their products. Since local software is not a common target of exploit writers, vendors are not very responsive to vulnerability reports and existing exploits remain workable for a long time.”
If you are a user of Kaspersky Lab Protection packages, then you have already been protected against this attack for quite some time – and the protection has worked well in blocking a number of malicious InPage documents. Kaspersky Lab products successfully detect the InPage exploit with the following detection name: HEUR:Exploit.Win32.Generic.
To avoid the loss of valuable information and, in the case of banks, money, security experts advise financial organizations to check their systems for the presence of these threats and to take the following measures:
- Make sure you have a corporate-grade internet security suite capable of catching exploits generically, such as Kaspersky Endpoint Security for Business.
- Instruct your staff not to open attachments or URLs in emails sent from unknown sources.
- Use the most recent versions of software on endpoints in your company. Avoid using software known to be vulnerable. To automate these tasks use Vulnerability Assessment and Patch Management solutions.
- Subscribe to a professional threat intelligence service like Kaspersky Lab’s APT reporting service to get instant access to actionable information on the most recent cyber-attacks which may target your organization.
- Educate your staff in cybersecurity. The malware sample that enabled the discovery of the exploit was found with the help of specifically created Yara rules. Invest in the education of your security staff so that they are able to do the same on their own and therefore protect your organization from sophisticated targeted attacks.
Latest posts by Frederick Damasus
- Kaspersky Lab Discovers Zero-Day Vulnerability Attacks on Asian and African Banks - November 24, 2016