Enfal threat still causing havoc to businesses after seven years of mayhem

19 Jul 2016

Verint Systems has highlighted the continued threat of the Enfal malware, which has been lurking since 2004 but has been increasingly dangerous over the past seven years.

The malware has become increasingly adept at morphing to evade detection, and Verint says that Enfal is avoiding detection by most antivirus and firewall protections. Its most recent transformation added an API name obfuscation and configuration block encryption to slip past security scanners.

Pei Kan Tsung, chief cyber researcher at Verint Systems, says, "Analysis of the patterns and indicators confirmed that Enfal’s core remains the same, allowing it to maintain a backdoor to any system it has already infiltrated or the new systems it infiltrates."

Verint's full report details how the Enfal malware works and includes a "decade-plus-long" sample list that will allow cyber security providers to add protection against the malware.

The initial Enfal malware attacks targeted the United States, Europe and Asia, while last year the focus remained on Asia but also moved south to Indonesia, suggesting that the entire Asia Pacific region, including Australia and New Zealand, may soon be targets.

The Enfal attacks have been found in businesses, as well as in Taiwanese government units.

"In some cases, the same computers appeared in the lists for both 2008 and 2015, leading the team to believe that Enfal may have been lurking within these units for seven years without being discovered," Tsung says.

Verint believes there are connections between the Enfal malware and the groups behind the Taidoor APT backdoor, which use Taidoor malware in cyberespionage campaigns against corporations and governments with active interests in Taiwan.

Taidoor backdoors reportedly scan Enfal's command and control IP, which Verint says might mean that the two malware families use the same protocol and therefore belong to the same group. Sharing infrastructure in this way gets the most out of the group's investment while minimising effort, making both families an effective cyberespionage method.
