Lebal Malware Attack: Would You Print the Label?
Netstar’s theme for the next couple of months is Security Awareness Training. In keeping with this, we strive to keep you informed about the latest threats in the industry. Here’s what you need to know about Lebal Malware and how it is relevant to your business.
A new type of malware was reported at the beginning of 2018: Lebal.
Lebal was discovered by cyber security researchers at the beginning of this year. It is now the end of the month, and the attack has received relatively little coverage online, with only a small number of articles about it released over the last few days.
What is it?
It is a targeted form of malware which attempted an attack on five universities, 23 private companies and several government organisations.
A total of 328 phishing emails were sent out over the course of one day. The attack originated from a single IP address in Brazil.
What does it do?
The malware masqueraded as an email from FedEx. Users received a message saying FedEx had been unable to deliver a parcel, and were then prompted to click a link to print a delivery label stored on Google Drive. Once the user clicked the link, the malware would download onto their machine. The address contained https, which those with more security awareness would recognise as being secure. It also contained drive.google.com, which looks like a secure address. The problem is that in this case Google Drive was used to store the malware, fooling people who would naturally trust https and Google. This occurrence highlights how phishing techniques are becoming increasingly sophisticated in their attempts to fool users.
Once on the system, the malware would steal private data from users’ browsers, and attempt to access cryptocurrency such as Bitcoin. The malware would also attempt to hide itself from anti-malware tools by compromising the defences in place on the operating system.
Sound complicated? All you need to know is that this makes security awareness training for staff all the more crucial. Attacks such as this one are well disguised and rely on fooling us through social engineering. Training yourself and your staff is crucial in order to raise awareness and to pick up on the small cues that make these attempts easier to spot. For example, if FedEx is not a courier normally used by your organisation, this would raise red flags immediately.
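The cue described above, a FedEx-branded message whose link leads to drive.google.com rather than to a FedEx domain, can also be checked automatically at the mail gateway. The following Python is an added example, not part of the original article; the domain lists, function names and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed policy data for this sketch; tune both sets to your own mail flow.
BRAND_DOMAINS = {"fedex": {"fedex.com"}}  # brand keyword -> domains it links to
FILE_HOSTS = {"drive.google.com"}         # trusted hosts serving user uploads
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def body_text(msg):
    """Concatenate every text part, decoding transfer encodings."""
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            out.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def check_message(raw):
    """Return (brand, host, kind) for links that do not fit the claimed brand."""
    msg = message_from_string(raw)
    display, _ = parseaddr(msg.get("From", ""))
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in claimed:
            continue  # message does not claim to come from this brand
        for url in URL_RE.findall(body_text(msg)):
            host = (urlparse(url).hostname or "").lower()
            if any(in_domain(host, d) for d in domains):
                continue  # link really points at the brand's own site
            hosted = any(in_domain(host, f) for f in FILE_HOSTS)
            findings.append((brand, host, "file-hosting" if hosted else "off-brand"))
    return findings

# Constructed sample: https and a Google host, yet not a FedEx destination.
SAMPLE = """\
From: "FedEx Delivery" <notice@example.net>
Subject: We could not deliver your parcel

Print your delivery label: https://drive.google.com/file/d/EXAMPLE-ID/view
Track your parcel: https://www.fedex.com/tracking
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

The check ignores the scheme entirely: an https link to a well-known host is flagged whenever that host is not one the claimed sender would use.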
Can it affect me?
Although this attack originated in Brazil, it is a reminder that cyber security needs to be a top priority for all UK businesses regardless of size. The attempts in this case were unsuccessful because the targeted organisations had the right security in place. In the past I have written that humans are the weak link in IT security. This case highlights how, with the right knowledge and procedures in place, this weakness can be turned into a defensive measure. For organisations to be vigilant, it is important to make sure all staff have access to security training, and that procedures are in place to prevent users from accidentally clicking on or downloading corrupted files.
Key Takeaway
We are already seeing predictions proved correct that malware would become more sophisticated and increasingly targeted at high-level individuals.
Think about what you open, and invest in providing security awareness training for your team. If you aren’t sure who to go to for this, speak to your IT partner for recommendations. It is the best form of defence when it comes to malware attacks.
Small targeted attacks
The purpose of these small targeted attacks could be to go undetected, or to test new methods of hacking. Regardless of the intent, it is undeniable that the threat level is high and organisations need to be vigilant. But the reality stings. For many it’s hard to believe, but skilled cyber criminals use drive.google.com to host their phishing malware. This case is not an isolated incident, so Google, as well as many other cloud storage services, definitely should take urgent steps to solve this problem.