Jaku Botnet Rises in the East


A previously unknown botnet has been uncovered, built for multi-stage tracking and data exfiltration, primarily against targets in Asia.

According to Forcepoint’s 2016 Global Threat Report, Jaku has claimed 19,000 victims across 134 countries so far.

"Jaku herds victims en masse and conducts highly targeted attacks on specific victims through the execution of concurrent operational campaigns," it explained.

The firm will publish full technical details in May, but it did say that payloads are delivered through exposure to compromised BitTorrent sites, the use of unlicensed software and the downloading of warez. Jaku also uses a raft of evasion techniques, including cryptography, steganography, fake file types, stealth injection, antivirus engine detection and more.

Forcepoint said that the victims are located around the globe, but there’s significant clustering in Asia, especially Japan, South Korea and China. The command and control servers are located in Malaysia, Thailand and Singapore.

Jaku was discovered as a result of a six-month investigation by Forcepoint’s Special Investigations (SI) team, as detailed in the company’s report. Forcepoint has built on Kaspersky's previous Dark Hotel campaign research, and engaged with the UK National Crime Agency (NCA), CERT-UK, Europol and Interpol.

To avoid infection, Forcepoint recommended that companies build processes within the organization to reduce potential dwell time, and limit or avoid contact with torrent sites and illegal software. They should also monitor for unusual activity, such as traffic to command-and-control servers that are known to threat intelligence systems.
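The monitoring step above amounts to matching outbound connection records against a threat-intelligence list of known command-and-control hosts. The following Python is an added illustration of that check, not code from Forcepoint or its report: the log format (a simplified proxy access log with timestamp, client IP, method and host:port), the log lines and the indicator list are all constructed here. The indicator hosts and the 203.0.113.0/24 range are placeholders from documentation address space, not real Jaku infrastructure, which the article does not name.

```python
"""Match outbound proxy log lines against a threat-intelligence list of C2 indicators.

Added example (not from the original article). The indicators and log lines below
are constructed placeholders; a real deployment would load both from feeds/logs.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed indicator list: placeholder domain and a documentation (TEST-NET-3) range.
C2_DOMAINS = {"c2-placeholder.example.invalid"}
C2_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed proxy log lines: "<epoch> <client_ip> <method> <host>:<port>"
SAMPLE_LOG = """\
1462000000.101 10.0.0.12 CONNECT www.example.com:443
1462000000.205 10.0.0.17 CONNECT update.c2-placeholder.example.invalid:443
1462000000.340 10.0.0.23 GET 203.0.113.45:80
1462000000.412 10.0.0.12 CONNECT mail.example.org:993
"""

# Assumed log layout; adjust the pattern to the proxy actually in use.
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+([^:\s]+):(\d+)\s*$")


@dataclass(frozen=True)
class Alert:
    timestamp: str
    client_ip: str
    destination: str
    indicator: str


def matching_indicator(host: str):
    """Return the indicator that covers `host` (exact domain, subdomain or CIDR hit), else None."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        # IP destination: check CIDR membership so one indicator covers a whole range.
        for net in C2_NETWORKS:
            if addr in net:
                return str(net)
        return None
    # Hostname destination: normalise case and trailing dot, match domain or any subdomain.
    host = host.lower().rstrip(".")
    for domain in C2_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def scan_log(text: str):
    """Parse each log line and return an Alert for every destination on the indicator list."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, client, _method, host, port = m.groups()
        indicator = matching_indicator(host)
        if indicator:
            alerts.append(Alert(ts, client, f"{host}:{port}", indicator))
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert.timestamp} {alert.client_ip} -> {alert.destination} matches {alert.indicator}")
```

Two of the four constructed lines trigger alerts: the subdomain of the listed domain and the address inside the listed range. Matching on subdomains and CIDR blocks, rather than exact strings only, is what keeps a single indicator useful when the operator rotates hosts within the same infrastructure.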

The report also detailed a variety of trends to watch, including a new crop of opportunistic ransomware, anti-malware tools and issues caused by the ever-dissolving perimeter. Ransomware has driven a spike in malicious content in email, which increased 250% compared to 2014. It is part of a continuing convergence of email and web attack vectors, the firm pointed out: nine out of 10 unwanted emails contain one or more URLs, and millions of malicious macros are being sent.

Organizations are also faced with increases in data breaches caused by both malicious and “accidental” insiders, and inconsistent security controls between cloud providers and businesses.

“The rapid evolution of the cyber threat environment has consequences that are much broader than just technical, operational, and financial—they can impact every piece of a business,” said Forcepoint chief scientist Richard Ford. “With this Threat Report, we want to demystify these threats and help enable businesses with tools, recommendations and, quite simply, knowledge, so they can continue to move forward without fear.”

Photo © Nicescene
