Enfal threat still causing havoc to businesses after seven years of mayhem

19 Jul 2016

Verint Systems has highlighted the continued threat of the Enfal malware, which has been lurking since 2004 but has been increasingly dangerous over the past seven years.

The malware has become increasingly adept at morphing to evade detection, and Verint says that Enfal is avoiding detection by most antivirus and firewall protections. Its most recent transformation added API name obfuscation and configuration block encryption to slip past security scanners.

Pei Kan Tsung, chief cyber researcher at Verint Systems, says, "Analysis of the patterns and indicators confirmed that Enfal’s core remains the same, allowing it to maintain a backdoor to any system it has already infiltrated or the new systems it infiltrates."

Verint's full report details how the Enfal malware works, including the "decade plus-long" sample list which will allow cyber security providers to add protection against the malware.

The initial Enfal malware attacks targeted the United States, Europe and Asia, while last year the focus remained on Asia but also moved south to Indonesia, suggesting that the entire Asia Pacific region, including Australia and New Zealand, may soon be targets.

The Enfal attacks have been found in businesses, as well as in Taiwanese government units.

"In some cases, the same computers appeared in the lists for both 2008 and 2015, leading the team to believe that Enfal may have been lurking within these units for seven years without being discovered," Tsung says.

Verint believes there are connections between the Enfal malware and the Taidoor APT backdoor groups, which use Taidoor malware in cyberespionage campaigns against corporations and governments with active interests in Taiwan.

Taidoor backdoors reportedly scan Enfal's Command and Control IP, which Verint says might mean that the two malware families use the same protocol and therefore belong to the same group. Sharing infrastructure in this way maximises the return on investment while minimising effort, making both an effective cyberespionage tool.
