Application security, Incident Response, Malware, Network Security, TDR

Oil ‘slick’: Sneaky OilRig malware campaign flows into new territory

October 5, 2016

A backdoor malware campaign dubbed OilRig that in May was discovered targeting organizations in Saudi Arabia is now trying to drill into government entities in Turkey, Israel and the U.S., as well as Qatari companies and organizations.

Palo Alto Networks Unit 42 threat research team updated the campaign's latest spear phishing efforts in a blog post yesterday, warning that the campaign has updated its “Helminth” backdoor software as well as the malicious Excel documents that distribute the malware via macros.

According to the blog post, the phishing emails targeting Qatari organizations “were very specific to the organization receiving them and in some cases were sent from partner organizations that already had a relationship with the recipient.”

Changes to malware over the last five months include the emergence of four distinct variants, each of which drops different filenames upon execution, Palo Alto continued in its report.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Learn More

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Today’s columnist, Sebastian Gierlinger of Storyblok, offers nine tips for integrating a content management system with an ecommerce platform. (Credit: Getty Images Stock Photo)

Vulnerability Management

Millions of WordPress sites potentially hijackable due to critical plugin bug

SC StaffNovember 18, 2024

Malicious actors could leverage the vulnerability, which stems from improper user check error management in the two-factor REST API action, to facilitate high-privileged account breaches that could then be used for additional attacks, according to Defiant, a WordPress security provider.

Vulnerability Management

WhatsApp zero-day exploited by NSO Group post lawsuit

SC StaffNovember 18, 2024

While WhatsApp proceeded to disable the "Eden" exploit leveraged by NSO Group, the Israeli firm proceeded to create the "Erised" vector to target the app's users until May 2020, noted a court filing from Meta, which also noted that NSO Group, and not its customers, was primarily behind the spyware attacks.

Vulnerability Management

Impersonation attacks possible with novel Microsoft Bookings bug

SC StaffNovember 13, 2024

Such an issue stems from Microsoft Bookings enabling the creation of Shared Booking Pages by default for users with proper Microsoft 365 licenses and automated Booking Page name-based email address generation, which could be exploited to create legitimate-looking email addresses for malicious activity, according to a report from Cyberis.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Oil ‘slick’: Sneaky OilRig malware campaign flows into new territory

An In-Depth Guide to Application Security

Related

Millions of WordPress sites potentially hijackable due to critical plugin bug

WhatsApp zero-day exploited by NSO Group post lawsuit

Impersonation attacks possible with novel Microsoft Bookings bug

Related Events

Rooting Out Overlooked Risks in the Data and AI Supply Chain: Introducing a New Approach

A More Ironclad AppSec: Forecast and Guidance Late 2024 and Early 2025

Apiiro’s Integrated Application Security Posture Management (ASPM) + Software Supply Chain Security (SSCS) Solution

Get daily email updates