Results 1 to 1 of 1
-
13th Jul 2014, 01:48 PM #1
Inventory Scanners Rigged with Malware for Shipping and Logistics Firms
Hardware from a Chinese manufacturer has been detected to carry polymorphic advanced persistent malware that would target the shipping and logistics industry.
Researchers at TrapX, a San Mateo, California, security firm, wrote in a report that the malicious code reached the affected companies through the Windows Embedded XP operating system that was available on the hardware of the inventory devices, and it was installed at the manufacturer’s factory in China.
The malware, dubbed “Zombie Zero” and believed to be state-sponsored by TrapX, would also be available in the firmware download on the company’s support website.
The security firm says that the malware would begin its attack immediately after the infected device would be connected to the wireless network and put into production.
It would use the server message block (SMB) protocol through port 135/445 and relied on polymorphism to gain persistence on the attacked systems.
Researchers found that one of the victims whose systems were compromised by Zombie Zero, foiled its attack through SMB thanks to firewall-based network segmentation, but the malware then initiated a second attempt, using the RADMIN protocol on port 4899, which assured its infiltration into more than nine servers.
The threat appears to have a clear mission as it initiates attacks against ERP (enterprise resource planning) servers with specific words in their host name. One such keywords discovered by TrapX is “finance.”
After detecting the financial ERP server, malware would be uploaded from the scanner, in order to establish “a comprehensive command and control connection (CnC) to a Chinese botnet that terminated at the Lanxiang Vocational School located in ‘China Unicom Shandong province network’,” researchers from TrapX write in a report.
The complexity of the operation does not stop at this because a second payload would be downloaded from the botnet, one that would set “a more sophisticated CnC of the company’s finance server.”
With the communication system all set up, the operator behind Zombie Zero would have complete access to the information available on the victim’s network, which included all the details of the worldwide operations of the company (financial data, customer data, detailed shipping and manifest information).
To protect themselves from attacks, shipping and logistics companies install security certificates on the scanning terminals. However, in this case, such an action would be useless because the devices would come compromised straight from the manufacturer.
“Today’s threat actors are smarter than ever morphing their attacks multiple times to achieve the goal of undermining existing security defenses. The next generation of security solutions must be just as adaptable to counter these modern threats,” said David Monahan, Research Director at Enterprise Management Associates to TrapX.Kepler Reviewed by Kepler on . Inventory Scanners Rigged with Malware for Shipping and Logistics Firms http://i1-news.softpedia-static.com/images/news-700/Inventory-Scanners-Rigged-with-Malware-for-Shipping-and-Logistics-Firms.jpg Hardware from a Chinese manufacturer has been detected to carry polymorphic advanced persistent malware that would target the shipping and logistics industry. Researchers at TrapX, a San Mateo, California, security firm, wrote in a report that the malicious code reached the affected companies through the Windows Embedded XP operating system that was Rating: 5
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
[Selling] Rapidshare Rapid 100 for $1 or my own RS account with 756 GB traffic and 6k+ Rapids
By addy4u in forum Completed TransactionsReplies: 5Last Post: 20th Jul 2010, 07:52 AM -
New site for warez and HQwallpapers
By Myth in forum Site ReviewsReplies: 5Last Post: 27th Nov 2008, 07:38 AM -
need deisgner for logo and skin
By priviet02 in forum Community CooperativeReplies: 2Last Post: 11th May 2008, 11:20 PM -
Uploading warez for $$$ Fast and unique - Can also provide xxx passwords and RS
By BossMan in forum Completed TransactionsReplies: 7Last Post: 9th May 2008, 02:34 AM -
WinRar trick for CRC and Wrong Password errors!!
By Str|k3r in forum Tutorials and GuidesReplies: 1Last Post: 17th Jan 2008, 09:41 PM
themaLeecher - leech and manage...
Version 4.94 released. Open older version (or...