Inception malware could target UK businesses

Sophisticated malware framework, Inception, uses targeted phishing emails to steal data and store it in the cloud


Sophisticated malware hitting institutions across the globe could also be targeting the UK. The virus, dubbed "Inception" after the 2010 film due to its multi-layered design, was uncovered by security researchers at Blue Coat. It is thought to have spread in Russian organisations before hitting Europe.

The software reaches across 60 mobile networks and has evolved to target mobile phones running iOS, Android and BlackBerry. It is delivered via Trojan documents in targeted phishing emails and via MMS messages.

Simon Beattie, technical manager at UK penetration testing and scanning vendor RandomStorm, told SCMagazineUK.com: "Once these files are run, captured data or telephone call recordings are sent to give the perpetrators the information required to attempt a much more targeted attack."

The malware, which has been in operation since June, uses the WebDAV protocol to transfer stolen information back to cloud storage.

It is likely that Inception is also targeting UK firms, experts told SCMagazineUK.com. Jim Fox, director at KPMG, said: "The same methods will work perfectly in the UK ecosystem. People create malware and they go where the most interesting things are. They look for a major economy, and information - whether government or business - and the UK has this. Because of how widespread this has been so far, it seems that they are casting the net really wide."

Robert Arandjelovic, Blue Coat's director of product marketing EMEA, told SC: "Inception is extremely sophisticated but designed so it can be modified and repurposed so it can be changed many times. It could be very easy to repurpose this into a UK attack."

It is not clear who is distributing the attacks, but Inception has been using the services of a cloud service provider based in Sweden, CloudMe.com, for its main command-and-control infrastructure. Snorre Fagerland, senior principal security researcher at Blue Coat, added to SC: "I'm guessing that there have been incidents in the UK already. It's really hard to know when you've been compromised. Now that the report is out, it is quite possible that they will wind down the current operation and take it elsewhere. They may be dropping off the radar."

In order to avoid being hit, Fox advises UK businesses to make sure they compartmentalise data. "The majority of networks are flat: you can get to any point on the network from almost any other. You can't protect everything, but you have to figure out what your crown jewels are and spare them, so even if you are impacted, you can limit the damage. That can be as easy as adding another firewall and another level of authentication."

Education is also key in preventing this kind of attack, Beattie said: "The only real protection against sophisticated targeted attacks is on-going education and vigilance, so that employees are trained not to open suspicious emails and MMS and not to divulge sensitive information in person or over the phone."