Top Middle East Cyber Threat – 29 April 2020
At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cybersecurity threat landscape and are among the first in the region to learn and act upon new threats.
In this blog, we share the top cybersecurity threat our MSS team has recently come across. So, read on to learn about what you need to look out for in the weeks ahead:
Agent Tesla Unleashed
Oil prices hit an all-time low last week, but that’s not the only concern the industry is facing. Oil and gas infrastructure is a key target of hackers, who, if successful, could potentially shut down or disrupt production. Two such spearphishing campaigns targeting the industry to drop the Agent Tesla malware have been found recently.
The first campaign was observed on 31st March 2020. The hackers impersonated ENPPI (Engineering for Petroleum and Process Industries, an Egyptian state oil company) and asked the recipient to submit a bid, attaching a “list of materials and equipment” for the Rosetta Sharing Facilities Project, supposedly on behalf of the well-known gas company Burullus. This infected file was used to drop the Agent Tesla spyware, which then collected sensitive information and stole credentials. One thing that stands out about this campaign is the use of the “Rosetta Sharing Facilities” project, which is real and is linked to ENPPI and Burullus. This makes the email look genuine, and anybody related to the oil and gas industry could easily fall prey to such a campaign.
Companies in many countries, including the United States, Malaysia, Iran, Oman, the UAE, and Saudi Arabia, were targeted with such spearphishing emails.
In another similar campaign, the attacker informed the recipient via email that they needed to send over the Estimated Port Disbursement Account (EPDA) for the shipping vessel MT. Sinar Maluku, along with the container flow management information. The email instructed the recipient to open a .RAR file, which contained a version of Agent Tesla.
This campaign was also based on facts: an oil tanker bearing that name really exists. These campaigns show that attackers will go to any length to make their emails look legitimate and to target a specific victim.
- Don’t open suspicious emails or click on unknown links. The easiest way to check a link is to hover over it with your mouse.
- Never reveal personal or financial information in response to an email. Legitimate organizations will never ask for this information in an unsolicited email.
- Don’t rush to send out data just because the other person tells you it’s urgent.
- Don’t rely on contact details supplied by the sender when verifying a request.
- Don’t open attachments unless you fully trust the source they came from.
- Block the relevant indicators of compromise within the security controls across your organization.
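The traits shared by both lures above (a display name claiming a known partner while the mail comes from an unrelated domain, an archive attachment such as a .RAR, and urgency or bid language) can be turned into a simple mail-gateway triage check. The script below is an added example, not Help AG tooling; the partner allow-list, domains and sample message are constructed placeholders, not indicators from the campaigns.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list of expected partners and the domains they send from; replace with your own data.
KNOWN_PARTNERS = {"enppi": {"enppi.example"}, "burullus": {"burullus.example"}}
ARCHIVE_EXTENSIONS = (".rar", ".zip", ".7z", ".iso", ".img")
URGENCY_TERMS = ("urgent", "bid", "immediately", "disbursement")


def triage(raw):
    """Return risk flags for one RFC 822 message; an empty list means no trait matched."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    # Trait 1: display name claims a known partner, but the sender domain does not belong to it.
    for partner, domains in KNOWN_PARTNERS.items():
        if partner in display.lower() and domain not in domains:
            flags.append(f"display name claims {partner} but sender domain is {domain}")
    # Trait 2: archive attachments (the campaigns delivered Agent Tesla inside a .RAR).
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith(ARCHIVE_EXTENSIONS):
            flags.append(f"archive attachment {name}")
    # Trait 3: urgency or bid language used to rush the recipient.
    subject = msg.get("Subject", "").lower()
    if any(term in subject for term in URGENCY_TERMS):
        flags.append("urgency/bid language in subject")
    return flags


# Constructed sample modelled on the ENPPI lure above; the sender domain is a placeholder, not a real IoC.
SAMPLE_BID_LURE = """\
From: ENPPI Tenders <tenders@attacker.example>
To: procurement@victim.example
Subject: Urgent bid request - Rosetta Sharing Facilities Project
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please find attached the list of materials and equipment.
--b1
Content-Type: application/octet-stream; name="list_of_materials.rar"
Content-Disposition: attachment; filename="list_of_materials.rar"

AAAA
--b1--
"""
```

Running `triage(SAMPLE_BID_LURE)` returns all three flags, while a message from a listed partner domain with no archive and a neutral subject returns an empty list; a flagged message is a candidate for quarantine and analyst review, not an automatic verdict.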