Threat actors used short-lived malware to target industrial companies

February 17, 2022
Tags: Threat Actors, Short-Lived Malware, Industrial Companies, Industry, Data Exfiltration, Spear-Phishing, Phishing Attack

Researchers revealed that threat actors are using short-lived malware to attack numerous industrial companies worldwide. The malware hunts for corporate credentials and data, which the attackers steal and sell to other malicious entities for money.

The researchers analysed short-lived malware samples discovered in the first half of last year. About 21.2% of these samples were monitored and analysed, and most of them lasted only 25 days before being replaced with a new one.

Fortunately, most of the malware was not distributed widely by the threat groups. Based on recent findings, only 100 devices were infected.

However, threat actors have successfully compromised over 2,000 corporate email accounts, which they then used to distribute malicious attachments in spear-phishing email campaigns, resulting in the exfiltration of corporate data.

Small-time threat actors attack industrial firms because they do not have enough workforce for more elaborate operations and short-lived malware is easily and readily available.

Small-time threat groups and amateur hackers run the attacks against industrial firms using short-lived malware. After gaining access to the targeted network, the threat actors move laterally and compromise corporate email services, which they use to distribute the malware to other affiliated firms.

Based on reports, the hackers using this malware target a range of devices across organisations, such as SCADA systems, HMIs, data gateways, administrative computers, industrial software developers' machines, engineering workstations, and historians.

Threat actors run short-lived malware campaigns to make quick money. The lifespan of each sample is very brief, even though the threat actors rely on popular commodity malware strains such as Masslogger, Lokibot, Snake, HawkEye, AgentTesla, and Azorult.

They also use the stolen corporate data to carry out financial fraud, or sell the harvested SSH, VPN, SMTP, and RDP credentials online.

Furthermore, a recent report showed that the hackers have stolen credentials from approximately 7,000 corporate accounts and sold them on about 25 marketplaces.

Threat actors appear to focus on stealing corporate accounts that can be sold or traded online for a quick profit. Organisations should therefore be more vigilant in spotting these kinds of attacks. Experts suggest that companies train their employees to identify suspicious phishing emails, limit account access to what each role requires, and employ 2FA.
