CYBER GRID VIEW Vol.2 English Edition
04 NOV 2016 | C.G. VIEW
This report provides information on the results of analysis regarding Daserf (a type of malware that is used in targeted attacks aimed at critical infrastructure providers in Japan) and the attackers using it.
Japan has seen an increase in targeted attacks that use sophisticated methods to relentlessly attack the targeted companies. In particular, in June 2015 the Japan Pension Service sustained a targeted attack that resulted in the leakage of a huge amount of personal information. Thereafter, similar attacks against many organizations and companies in Japan, including local governments and universities, were exposed, and the term "targeted attack" became widely known to the public. At the time of writing (June 2016), a large travel agency had sustained damage due to a targeted attack and announced that it was very possible that personal information had been leaked. The methods used in these targeted attacks have become more and more sophisticated. Thus, the risk is not only that information is stolen from the company; there is also the serious risk of increased repercussions affecting business continuity.
NISC has reported that the number of attacks against critical infrastructure providers, including those related to information communication, finance, aviation, and electric power, increased significantly from 124 in FY2014 to 401 in FY2015. As the Tokyo Olympics and Paralympics are scheduled for 2020, it is increasingly likely that attacks against critical infrastructure providers and infrastructure-related companies will increase further. Under these circumstances, we hope that this report contributes in some measure to the consideration of countermeasures against Daserf attacks.
Contents
- Introduction
- Daserf: What is it and how is it being used in targeted attacks?
- Daserf: Operating environment and overview
- Characteristics of Daserf traffic
- Detecting Daserf
- Daserf: Who uses it?
- Daserf: Modus operandi of attackers
- Types of malware used by attackers
- Conclusion
- Indicator of Compromise (IOC)
Contact:
LAC Co., Ltd.
E-mail: sales@lac.co.jp
Disclaimer information:
Use this report at your own risk. LAC Co., Ltd. takes no responsibility for any loss resulting from using this document. When using data from this report, be sure to cite the source. LAC is a trademark of LAC Co., Ltd. JSOC is a registered trademark of LAC Co., Ltd. Other product names and company names are trademarks or registered trademarks of their respective companies.