Cybercriminals are using “LookBack” malware to launch spear phishing attacks against the U.S. utilities sector, according to cybersecurity solutions provider Proofpoint.
Several spear phishing emails were identified that targeted three U.S. utilities companies last month, Proofpoint said. The spear phishing emails appeared to impersonate a U.S.-based engineering licensing board, with emails originating from what appeared to be a threat actor-controlled domain.
The spear phishing emails contained a malicious Microsoft Word attachment that used macros to install and run LookBack, malware that consists of a remote access Trojan (RAT) module and a proxy mechanism used for command and control (C&C) communication, Proofpoint noted. When a spear phishing email’s attachment was opened, LookBack was installed and run.
LookBack: Here’s What MSSPs Need to Know
LookBack is a remote access Trojan written in C++, Proofpoint stated. It relies on a proxy communication tool to relay data from the infected host to a C&C IP.
Furthermore, LookBack contains macros similar to those utilized in historic advanced persistent threat (APT) campaigns targeting Japanese corporations in 2018, Proofpoint said. Last month’s LookBack attacks on the U.S. utilities sector, however, have not been associated with a known APT actor, and no infrastructure or code overlaps were identified.
Global Malware Attacks Top 10 Billion in 2018
Malware attacks topped 10 billion globally in 2018, the “SonicWall 2019 Cyber Threat Report” revealed. In addition, the report indicated 2018 was the third consecutive year that the number of global malware attacks increased.
Meanwhile, MSSPs could play key roles in stopping malware attacks in the foreseeable future. MSSPs can provide endpoint detection and response (EDR), security information and event management (SIEM) and other security services to help organizations address malware attacks before they cause long-lasting damage.