Zyklon Targets Msoft With Backdoor Malware To Steal Data, Launch DDoS Attacks

By   ISBuzz Team
Writer , Information Security Buzz | Jan 22, 2018 03:15 am PST

News broke earlier today that hackers have launched a new spam campaign, targeting the telecommunications, insurance and financial services industries. The campaign involves hackers using new Microsoft Office vulnerabilities to spread a potent backdoor malware called Zyklon, which can steal passwords,  allow hackers to launch DDoS attacks and mine cryptocurrency, among other things.

Sean Newman, Director of Product Management at Corero Network Security:

“There’s no getting away from the levels of sophistication that cyber criminals are now using to underpin their nefarious activities.  This latest report of vulnerabilities in Microsoft Office products being leveraged to install malware, which can be remotely controlled to deliver those attacks, may not be a surprise to many people.

“However, the flexibility and attack scale possible from such an army of compromised devices should be a significant concern. The possibilities for cryptocurrency abuse or the ability to generate large-scale DDoS attacks have significant revenue generating potential for the cyber-criminals, at the expense of those trying to benefit from the broad opportunities the Internet affords.

“Ensuring your software is patched can help to keep you safe from attacks on your data or cryptocurrency, but the only way to ensure you are safe from external DDoS attacks generated by this malware, is to ensure you have the latest real-time protection in place.”

Michael Patterson, CEO at Plixer:

“Clearly this is an infection that supports the urgency to keep systems patched with automated updates. Although a system might be protected against Zyklon, variants of malware are constantly being released in a zero-day fashion.  These infections can lead to costly clean-ups.  As a proactive measure, companies with Microsoft products deployed should be collecting network traffic flows from all routers and virtual servers to perform network traffic analysis in the event of a breach.   Detecting and locating the source of the breach event quickly is of paramount importance. For example, Tor traffic, which is unusual on a network, can easily be found and stopped by looking at the traffic flow. Leveraging traffic analytics and adding context can lead to faster remediation and go a long way towards helping keep a company safe.”