Zombie Zero
Zombie Zero[1] is an attack vector where a cyber attacker utilized malware that was clandestinely embedded in new barcode readers which were manufactured overseas.
It remains unknown if this attack was promulgated by organized crime or a nation state. Clearly there was significant planning and investment in order to design the malware, and then embed it into the hardware within the barcode scanner. Internet of things (IoT) devices may be similarly preinstalled with malware that can capture the network passwords and then open a backdoor to attackers. Given the high volume of these devices manufactured overseas high caution is to be exercised before placing these devices on corporate or government networks.
Detailed data on the attack
A malware embedded scanner was installed on a wireless network. An attack against the internal network initiated automatically using a server message block protocol.
The stolen data which was scanned included every piece of information about the item, destination address, source and more. This was sent clandestinely to a command and control connection back to a botnet in China. This botnet connected to the Lanxiang Vocational School located in the China Unicom network for Shandong province. This school in China has been connected to previous attacks, including Google and the Operation Aurora attack. The manufacturer of the scanner was located just a few blocks away from the school.
The botnet then downloaded a second payload that broadened the command and control which now extended to the target company's corporate servers in finance. The attackers were looking for logistics data on all shipping on a worldwide basis, and the attackers had succeeded in obtaining detailed financial data on all customers and shipments.
Detection
Zombie Zero can be detected using deception technology.[2][3][4][5][6][7]
References
- "How a Scanner Infected Corporate Systems and Stole Data: Beware Trojan Peripherals". Forbes.com. Retrieved 2016-09-09.
- Antone Gonsalves (2014-07-10). "Shipping companies' computers compromised by malware-infected Chinese scanners". CSO Online. Retrieved 2016-09-09.
- "Chinese Hackers Target Logistics & Shipping Firms With Poisoned Inventory Scanners". Darkreading.com. Retrieved 2016-09-09.
- Lucian Constantin (2014-07-10). "Malware hidden in Chinese inventory scanners targeted logistics, shipping firms". Network World. Retrieved 2016-09-09.
- Anand, Priya (2014-07-10). "Hackers know who is shipping what, and to where". MarketWatch. Retrieved 2016-09-09.
- "How a Scanner Infected Corporate Systems and Stole Data: Beware Trojan Peripherals". Forbes.com. Retrieved 2016-09-09.
- "Hacker Traps: Fake Computers Used as Bait in Hunt for Cyber Criminals". Sputniknews.com. Retrieved 2016-09-09.