Skip to main content

Kaspersky Lab finds more than 400 industrial companies targeted in spear-phishing attack

August 1, 2018

Personalized emails disguised as procurement and accounting documents targeted nearly 800 company PCs

Woburn, MA – August 1, 2018 – Kaspersky Lab researchers have detected a new wave of financial spear-phishing emails, disguised as legitimate procurement and accounting letters, that have hit more than 400 industrial organizations located mostly in Russia. The series of attacks started back in fall 2017 and targeted hundreds of company PCs in industries ranging from oil and gas to metallurgy, energy, construction and logistics.

In the detected wave, the criminals were predominantly focused on industrial companies together with other organizations. They sent out emails containing malicious attachments and tried to lure unsuspecting victims into giving away confidential data, which they could then use to make money.

According to Kaspersky Lab, this wave of emails targeted approximately 800 employee PCs, with the goal of stealing money and confidential data from the organizations, which could then be used in new attacks. The emails were disguised as legitimate procurement and accounting letters, containing content that corresponded to the profile of the attacked organizations and took into account the identity of the employee – the recipient of the letter. Of note, the attackers even addressed the targeted victims by name. This suggests that the attacks were carefully prepared and that criminals took the time to develop an individual letter for each user. 

When the recipient clicked on the malicious attachments, modified legitimate software was discreetly installed on the computer so that criminals could connect to it, examine documents and software related to the procurement, financial and accounting operations. Furthermore, the attackers were looking for different ways to commit financial fraud, such as changing requisites in payment bills in order to withdraw money for their benefit. 

Moreover, whenever criminals needed additional data or capabilities, such as obtaining local administrator rights or stealing user authentication data and Windows accounts to spread within the enterprise network, the attackers uploaded additional sets of malware, prepared individually for an attack on each victim. This included spyware, additional remote administration tools that extend the control of attackers on infected systems and malware to exploit vulnerabilities in the operating system, as well as the Mimikatz tool that allows users to obtain data from Windows accounts.

“The attackers demonstrated a clear interest in targeting industrial companies in Russia,” said Vyacheslav Kopeytsev, security expert, Kaspersky Lab. “Based on our experiences, this is likely to be due to the fact that their level of cybersecurity awareness is not as high as it is in other markets, such as financial services. That makes industrial companies a lucrative target for cybercriminals – not only in Russia, but across the world.”

Kaspersky Lab researchers advise users to follow these key measures in order to be protected against spear-phishing attacks:

  • Use security solutions with a dedicated functionality aimed at detecting and blocking phishing attempts. Businesses can protect their on-premise email systems with targeted applications inside the Kaspersky Endpoint Security for Business suite. Kaspersky Security for Microsoft Office 365 helps to protect the cloud-based mail service Exchange Online inside the Microsoft Office 365 suite.
  • Introduce security awareness initiatives, including gamified training with skills assessments and reinforcement through the repetition of simulated phishing attacks. Kaspersky Lab customers benefit from using the Kaspersky Security Awareness Training services.

To learn more about the financial phishing threat, please read the blog post available at ICS-CERT.kaspersky.com.

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

About Kaspersky Lab ICS CERT
Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) is a global project launched by Kaspersky Lab in 2016 to coordinate the efforts of automation system vendors, industrial facility owners and operators, and IT security researchers to protect industrial enterprises from cyberattacks. Kaspersky Lab ICS CERT devotes its efforts primarily to identifying potential and existing threats that target industrial automation systems and the Industrial Internet of Things. During its first year of operation, the team identified over 110 critical vulnerabilities in products by major global ICS vendors. Kaspersky Lab ICS CERT is an active member and partner of leading international organizations that develop recommendations on protecting industrial enterprises from cyberthreats. ics-cert.kaspersky.com

Media Contact
Jessica Bettencourt
781.503.7851
Jessica.Bettencourt@kaspersky.com

Kaspersky Lab finds more than 400 industrial companies targeted in spear-phishing attack

Personalized emails disguised as procurement and accounting documents targeted nearly 800 company PCs
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Related Articles Press Releases