Cyber criminals develop business-like characteristics

Anuradha Shukla | April 2, 2012
Trend Micro discovers detailed information about the Luckycat campaign.

Cyber criminals are developing more business-like characteristics in managing and tracking their attacks, according to Trend Micro.

The global cloud security specialist discovered this during a study of the Luckycat campaign, which is linked to more than 90 unique attacks in Japan, India and Tibet since June 2011.

This infamous campaign involved a series of ongoing attacks over time. The cyber espionage consistently hit specific targets as part of sustained campaigns to breach data security.

These attacks eventually succeeded in compromising 233 computers in the aerospace, energy, engineering, shipping and military research sectors, as well as those of Tibetan activists.

Based on its analysis of the Luckycat campaign, Trend Micro has found that more business-like characteristics in managing and tracking attacks will allow cyber criminals to continue to maintain a presence within their victims' networks.

Links to hacker forum

Trend Micro's analysis of the Luckycat campaign has shown that the attackers are linked to a famous hacker forum in China known as Xfocus, as well as an information security institute in China.

These attackers also utilise free tools to ensure their command and control (C&C) infrastructure is maintained and can adjust quickly in the event of detection.

Moreover, these attackers used or provided infrastructure for other malware campaigns that have been linked to previous attacks and have also used additional malware as second-stage malware in their attacks.

Trend Micro suggests that organisations looking to prevent future attacks should focus on detecting and mitigating attacks.

They should also take standard and relevant attack prevention measures and mechanisms such as solid patch management; endpoint and network security; and firewall use.

