EvilGrab and Targeted Attacks/APTs in 2Q 2013

Understanding today's threats, how they unfold and protecting against them.

Dubai, United Arab Emirates: Today we're releasing the first of a new, regular, quarterly report on targeted attacks (some of which are also connected to Advanced Persistent Threats (APTs) campaigns). Each quarter, this report will detail trends we've observed as well as go in-depth on one particular APT campaign. This first report focuses on the second quarter of 2013 and goes in-depth on a new campaign we've identified and are calling “EvilGrab” that targets security software and uses a systems audio and visual components to capture information and eavesdrop.

We're also releasing two new papers to help you understand how targeted attacks unfold and how to protect against them. “Data Exfiltration: How Do Threat Actors Steal Your Data?” is another paper in our series to help you understand the different stages of a targeted attack. And “Suggestions to Help Companies with the Fight against Targeted Attacks” gives you industry best practices to help you be better protected against these kinds of threats.

The EvilGrab campaign shows why the kind of broad approach to defense that we outline in “Suggestions to Help Companies with the Fight against Targeted Attacks” is necessary. A key characteristic of this campaign is the targeting of specific security products by the EvilGrab malware. This increasingly common tactic shows that attackers are learning about the security infrastructure of a target as a regular part of their information gathering phase. We saw this tactic also in the recent New York Times attack.

In “Data Exfiltration: How Do Threat Actors Steal Your Data? we outline common techniques attackers use to capture and move data. One very interesting technique outlined there that we see with EvilGrab is its use of audio and video to capture data. EvilGrab will use video capture software to steal information off an infected system's screen. It will also use an attached microphone as a covert listening device.

Targeted attacks are an important area of focus for us. This is the latest in our ongoing research into attacks like we did with IXESHE in 2012. And our focus includes providing information to help protect against targeted attacks. A good example is our guidance for ICS/SCADA environments. Here again, we're looking to build on and continue that focus not just on product solutions, but actionable best practices.

We hope you'll find these latest papers useful in understanding today's targeted threats and protecting against them.

For all these papers and more on Trend Micro's latest research on APTs, visit our Targeted Attacks Hub.