Over the past few days there has been a lot of talk, along with many media reports, about an attack named Night Dragon. Night Dragon targets U.S. oil, gas, and petrochemical companies. It steals proprietary and confidential information from executives by using a combination of social engineering, Remote Access Trojans (RATs), and SQL injection attacks to gain access to external and internal hosts inside companies.
This attack is not unlike others we have seen in recent weeks. Targeted attacks of this kind typically combine social engineering with publicly available RAT applications. Night Dragon uses a RAT called zwShell. Other common trojans used in these types of attacks include Gh0st RAT and Poison Ivy, all of which are readily available for download. Unlike the Aurora trojan, which was used to attack large companies in late 2009, the Night Dragon trojan doesn’t use 0-day exploits to gain access to hosts.
Traditional security not capable of preventing
Attacks of this nature, where the attackers have specific objectives in mind, are very difficult to prevent. Much of the focus is on preventing the attack from occurring in the first place. Whilst this is the best thing to do, it’s very difficult to achieve. There is no single silver bullet for security, but Websense provides Data Loss Prevention (DLP) products, a proven data protection solution that is capable of securing data by preventing and blocking data leaks, even if the connection is encrypted. If the data is not allowed to leave the organization, regardless of the method (HTTP, HTTPS, email, USB devices, smartphones, etc.), then the trojan is blocked and the attack fails. Protecting the assets that the attackers seek is an effective way to thwart these attempted attacks. The DLP component is just one of several technologies in TRITON that we at Websense can provide to mitigate and protect against these types of attacks.