Kaspersky Lab IDs New Activity Among Financial Cybercriminals


Analysts at Kaspersky Lab have discovered a string of attacks targeting users across Asia and Africa, the company said Wednesday (Nov. 23).

Experts have identified cyberattacks that use what’s called a zero-day exploit, a program that allows additional malware to be installed on a device without the user’s knowledge. The attacks are hitting the InPage text editor software used by businesses with employees that speak Urdu and Arabic.

According to Kaspersy Lab, the attacks are pinpointing businesses in Asia and Africa.

Media and printing companies are some of the most common users of the InPage program, the firm noted, though government offices and financial institutions also use the software. Nearly 2 million people use InPage, but researchers have identified Myanmar, Sri Lanka and Uganda as the three areas in which attacks have occurred.

Researchers said this cyberattack uses a phishing email scam with malware attached. The attacks are using particular kinds of tools and technologies commonly seen among financial cybercriminals, Kaspersky Lab said.

“The use of vulnerabilities in specific software with a relatively low global presence and a very narrow target audience is an easy-to-understand tactic,” said Kaspersky Lab GReAT security expert Denis Legezo in a statement. “The attackers adjust their tactics to their target’s behavior by developing exploits for custom software, which doesn’t always receive the kind of scrutiny that big software companies apply to their products.”

“Since local software is not a common target of exploit writers, vendors are not very responsive to vulnerability reports and existing exploits remain workable for a long time,” the executive added.

The company has recommended that companies implement security solutions across the enterprise and focus on employee education to prevent these types of attacks. Staff should understand how to identify a suspicious email and to not open attachments from these messages.