Unicorn Spy Virus Attacks Russian Developers and Suppliers of Electronic Components

Malware hides in the system and transmits new or updated files to attackers until it is found

Russian energy companies, factories, and suppliers and developers of electronic components have faced attacks from the Unicorn spy virus. It enters a company's systems through malicious email campaigns, and, as Kaspersky Lab notes, the malware is unique in its strategy.

The peculiarity of these attacks is that after data theft, malicious scripts remain in the system. Unlike other similar malware, instead of stealing data once and covering its tracks, the malware continues to transmit new or updated files to attackers until it is detected and measures are taken, which potentially increases the scale of possible losses.
Oleg Kupreev, cybersecurity expert at Kaspersky Lab

The malware is distributed through email attachments or through files on Yandex.Disk that a link in the email points to. The scripts entrenched in the system keep text files recording which files have been copied, the dates of their last modification, and which documents have already been transmitted, and they constantly check against these records to avoid repetition.

To protect the organization from Unicorn, Kaspersky Lab recommends that companies:

  • regularly conduct training sessions for employees to reduce the likelihood of successful attacks using social engineering methods, including phishing;
  • install a reliable protection solution that will automatically send suspicious emails to spam;
  • use cybersecurity products whose effectiveness is confirmed by independent testing laboratories;
  • regularly update the operating system and software on all corporate devices to promptly close known vulnerabilities;
  • use complex and unique passwords to protect corporate accounts and update them regularly. It is recommended to use specialized password managers for their creation and storage;
  • provide information security specialists with access to up-to-date information on the latest tactics, techniques, and procedures of attackers, for example, using Threat Intelligence services.
