

Healthcare Industry Targeted with Gatak Trojan

The healthcare industry is coming under attack by the actors behind the Gatak Trojan. Gatak, otherwise known as Stegoloader, is not a new malware: the Trojan was first identified in 2011 and has since been used to attack a wide range of targets. However, according to a recent report by Symantec, the actors behind the malware have now set their sights firmly on the healthcare industry, with 40% of the most affected organizations now in the healthcare sector. This signifies a change in targeting, as the Trojan had previously been used primarily to attack insurance companies.

While 40% of attacks have not been attributed to any industry sector, the next most targeted industries, each accounting for 5% of attacks, are automotive, education, gambling, and construction. Gatak is primarily an information stealer. It is currently unclear how the attackers are profiting from infections, although it is believed that healthcare companies are being targeted because of the value of the data they store. One component performs detailed fingerprinting of the victim machine and is capable of installing a range of additional payloads. The downloader has been observed installing Shylock, an older financial Trojan rather than ransomware. Symantec suggests that older forms of malware may be installed when the group believes its attack has been detected, "to throw investigators off the scent."

The main module is the information-stealing component. Gatak is particularly dangerous because it is difficult to detect and can remain dormant for long periods. It is also capable of moving laterally across a network and infecting multiple devices; according to Symantec, this lateral movement usually occurs within two hours of infection.
