Researchers at Kaspersky Lab have discovered a new cyber-spying campaign called Grabit that is targeting small, medium sized organisations based in mainly in India and even in countries such as Thailand and the US. Other countries affected are the UAE, Germany, Israel, Canada, France, Austria, Sri Lanka, Chile and Belgium.
Grabit is targeting businesses across sectors chemicals, nanotechnology, education, agriculture, media, construction and more. According to Kaspersky, India and Thailand were the maximum affected by this cyber-attack. Kaspersky Lab reveals malware were sent by employees to each other as stolen host names and internal applications are the same. According to researchers, infection starts when a user in a business organization receives an email with attachment that looks to be a MS word (.Doc) file. Users clicks to download the file and the spying programme is transferred to the machine from a remote server that has already been hacked by hackers. The compromised service acts as a malware hub. Cybercriminals take control of the machine using HawkEye keylogger and a onfiguration module having a number of Remote Administration Tools (RATs).
“We see a lot of spying campaigns focused on enterprises, government organizations and other high-profile entities, with small and medium-sized businesses rarely seen in the lists of targets. But Grabit shows that it’s not just a “big fish” game – in the cyber world every single organization, whether it possesses money, information or political influence, could be of potential interest to one or other malicious actor. Grabit is still active, and it’s critically important to check your network to ensure you’re safe. On May 15th a simple Grabit keylogger was found to be maintaining thousands of victim account credentials from hundreds of infected systems. This threat shouldn’t be underestimated,” – says Ido Naor, Senior Security Researcher, Global Research & Analysis Team. Check out the full Kaspersky Lab report here.
India has continued to be one of the top targets of cybercriminals. Even as efforts are on to beef up security features, cybercriminals have continued to innovate to target individuals. The latest revelation also highlights how the start ups and middle-sized companies are being targeted in India. The new development comes shortly after National Association of Software and Services Companies (NASSCOM) and Data Security Council of India teamed up to launch a NASSCOM Cyber Security Task Force, which will ensure India evolves as a global for cyber security solutions. The Indian government is also planning to set up a dedicated center that detect malicious programs and botnets and help device owners to remove harmful software for free.
Malware distribution by country