Incidents

Hackers invested only $160 USD in a phishing campaign that infected over 70k victims. How did they do it?

Information security specialists have revealed details about a recent cybercriminal campaign identified as “MasterMana Botnet”, related to multiple key concepts in the world of cybersecurity, such as the use of botnet, backdoors, theft of cryptocurrency, among others. Experts estimate that thousands of companies around the world have already been attacked by the operators of this campaign at a very low cost.

According to specialists from security firm Prevailion, this campaign began in late 2018, with operators sending phishing emails indiscriminately to thousands of public and private organizations around the world.

The phishing emails used by the attackers were
designed to extract information related to cryptocurrency addresses from
unsuspecting users. Information security experts mentioned that, based on the
methods used in this campaign, it is possible to link it to the hacker group
known as “Gorgon Group”, active for almost a decade.

A sample of the phishing email sent by hackers. Source: Prevailion

After the victims opened the malicious email,
an attachment loaded with malware
appeared. Opening this document triggered the attack, which had an approach
that allowed it to evade detection of antivirus tools due to the use of
third-party sites, such as Bitly, Blogspot and Pastebin instead of just using
web domains controlled by hackers. The methods used by hackers also allowed
them to bypass automated detection systems such as sandbox environments.

Azorult, one of the Trojans used by hackers,
was designed to extract user names, browsing history, website cookies and
cryptocurrency online wallets. In addition, this Trojan was also able to list
hosts, upload and download files and even take screenshots of the infected
computer, mentioned information security specialists.

Another purpose of using third-party sites is
cost reduction. On average, the rent of virtual private servers (VPS) costs $60
USD, plus any version of Azorult available on dark web hacking forums costs
about $100 USD, so deploying this hacking campaign cost no more than $200.

Hacker-controlled website. Source: Prevailion

“It’s ironic to think of companies
investing hundreds, or even thousands of dollars in security solutions, while
threat actors can deploy a massive phishing campaign with just a few bucks; we
can’t even see this campaign as an advanced persistent threat,” the
experts say.

While activity associated with this campaign
has been reduced, researchers believe it is highly likely that this group of
cybercriminals will continue their operations in the future, so organizations
should not fail to pay attention to attack vectors such as the phishing emails.

Information security specialists at the
International Institute of Cyber Security (IICS) mention that MasterMana Botnet
is the perfect example that hackers don’t need to use the most sophisticated
tools, because they know that using techniques like phishing they can access a
system via the weakest link in the information security chain: the human
factor.

Preventing such attacks requires a
comprehensive strategy, where system administrators are able to implement
various security methods, such as firewalls, email filters, and antivirus
software, while keeping training to any member of the organization who uses
computer equipment with an Internet connection in order to minimize exposure to
any social engineering campaign.

Click to comment

You must be logged in to post a comment Login

Leave a Reply

To Top

Pin It on Pinterest

Share This