The recent cyber-attack on Kudankulam Nuclear Power Plant (KKNPP) has been confirmed by the officials and yet again security of critical infrastructure has become the talk of the cyber world. The officials mentioned that there is no damage to control systems of the plant as the core processing controls are truly air gapped, which is a standard security practice used to physically isolate critical infrastructure from unsecured networks like the Internet or local area networks in order to make it a lot harder to breach the walls of any establishment.
Reports indicate the occurrence of malware with a specific pattern wherein hackers are abusing and imitating applications of well-known brands to launch malware into enterprise systems.
Our team of experts at Quick Heal Security Labs are investigating on the modus operandi of this malware. The malware works by resolving code belonging to Application Programming Interfaces and starts to gather system information. Known as Backdoor.Dtrack, this malware includes hardcoded internal network credentials of enterprises. By the end, the malware collects network information, running process list and browser history, dropping itself into the local drive of the affected computer.
Typically, malware of such nature are determined to be Advanced Persistent Threats or APTs focusing on being undetected for as long as possible in order to steal maximum sensitive business information.
From the information available and the initial research carried out by Quick Heal Security Labs, the contentious malware DTrack or ATMDTrack samples have historically known to also imitate Quick Heal’s Safe Banking application icon and file information to make it appear legitimate in some of the attacks.
Quick Heal and Seqrite products are already protecting against the known variants of DTrack. We strongly recommend you to keep your security products updated and follow best security practices for optimum defense against the latest and evolving threats.
At Quick Heal Technologies, we are deeply committed to secure and safeguard our customers by providing the best-in-breed protection against known and advanced cyberthreats.
As, further investigations are under way, we will keep you posted on the latest findings on Backdoor.DTrack.