
Enfal threat still causing havoc for businesses after seven years of mayhem

19 Jul 16

Verint Systems has highlighted the continued threat of the Enfal malware, which has been lurking since 2004 but has been increasingly dangerous over the past seven years.

The malware has become increasingly adept at morphing to evade detection, and Verint says Enfal is slipping past most antivirus and firewall protections. Its most recent transformation added API-name obfuscation and encryption of its configuration block, both of which remove the cleartext strings (imported function names, C2 addresses) that signature-based scanners typically key on.
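To make the evasion concrete, the following added example (not code from the original article or from Verint's report) contrasts a naive sample that embeds API names and its configuration in cleartext with one that stores only 32-bit hashes of the API names and an XOR-encrypted configuration block, then shows that a plain string scanner catches the first but not the second, and how an analyst resolves the hashes with a precomputed table. The ROR13 hash, the XOR key, the API list and the configuration string are all constructed assumptions for illustration and are not Enfal's actual scheme.

```python
"""Why API-name obfuscation and config-block encryption defeat string scanners,
and how an analyst recovers the hidden names.  Constructed example: the ROR13
hash, XOR key, API list and config block are assumptions, not Enfal's own."""
import struct

# API names a backdoor would typically resolve (constructed list).
API_NAMES = ["CreateProcessA", "WriteFile", "InternetOpenA", "WinExec"]


def ror13_hash(name: str) -> int:
    """ROR13 string hash, a common shellcode-style scheme (assumed here)."""
    h = 0
    for ch in name.encode("ascii"):
        h = ((h >> 13) | (h << 19)) & 0xFFFFFFFF
        h = (h + ch) & 0xFFFFFFFF
    return h


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice restores the plaintext."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_plain_sample(config: bytes) -> bytes:
    """Naive sample: API names and config embedded as cleartext."""
    return b"\x00".join(n.encode() for n in API_NAMES) + b"\x00" + config


def build_obfuscated_sample(config: bytes, key: bytes) -> bytes:
    """'Evolved' sample: 32-bit hashes of API names followed by XOR-encrypted config."""
    hashes = b"".join(struct.pack("<I", ror13_hash(n)) for n in API_NAMES)
    return hashes + xor_bytes(config, key)


def string_scan(sample: bytes, indicators) -> list:
    """Signature-style scanner: which indicator strings appear verbatim?"""
    return [s for s in indicators if s.encode() in sample]


def resolve_hashes(sample: bytes, count: int, table: dict) -> list:
    """Analyst step: map the leading 32-bit hashes back to API names via a table."""
    resolved = []
    for i in range(count):
        (h,) = struct.unpack_from("<I", sample, i * 4)
        resolved.append(table.get(h, f"unknown_{h:08x}"))
    return resolved


def demo() -> dict:
    # Constructed config block; 203.0.113.10 is an RFC 5737 documentation address.
    config = b"c2=203.0.113.10:443;sleep=3600"
    key = b"\x5a\xa5\x3c"  # assumed XOR key
    indicators = API_NAMES + ["203.0.113.10"]

    plain = build_plain_sample(config)
    obf = build_obfuscated_sample(config, key)

    # In practice this table is precomputed over every exported name in the
    # Windows DLLs of interest; here it covers only the constructed list.
    table = {ror13_hash(n): n for n in API_NAMES}

    return {
        "plain_hits": string_scan(plain, indicators),   # scanner sees everything
        "obf_hits": string_scan(obf, indicators),       # scanner sees nothing
        "resolved": resolve_hashes(obf, len(API_NAMES), table),
        "decrypted_config": xor_bytes(obf[len(API_NAMES) * 4:], key),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The lesson for detection engineering is that once names and configuration are hashed or encrypted, string and import-table signatures stop firing; coverage has to move to behaviour (the runtime resolver loop itself, the XOR decode routine, network beacons) or to hash-table lookups built from known API-name lists.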

Pei Kan Tsung, chief cyber researcher at Verint Systems, says, "Analysis of the patterns and indicators confirmed that Enfal’s core remains the same, allowing it to maintain a backdoor to any system it has already infiltrated or the new systems it infiltrates."

Verint's full report details how the Enfal malware works, including the "decade-plus-long" sample list, which will allow cyber security providers to add protection against the malware.

The initial Enfal malware attacks targeted the United States, Europe and Asia, while last year the focus remained on Asia but also moved south to Indonesia, suggesting that the entire Asia Pacific region, including Australia and New Zealand, may soon be targets.

The Enfal attacks have been found in businesses, as well as in Taiwanese government units.

"In some cases, the same computers appeared in the lists for both 2008 and 2015, leading the team to believe that Enfal may have been lurking within these units for seven years without being discovered," Tsung says.

Verint believes there are connections between the Enfal malware and the Taidoor APT backdoor groups, which use Taidoor malware in cyberespionage campaigns against corporations and governments with active interests in Taiwan.

Taidoor backdoors have reportedly been observed scanning Enfal's command-and-control IP address, which Verint says may mean the two malware families share the same protocol and therefore belong to the same group. Reusing infrastructure and protocol in this way maximises return on investment while minimising effort, making both families an effective cyberespionage tool.
