Also known as Sarhust, cybercriminals have used this malware to actively target Southeast Asia since 2014
Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, has discovered a resurgence of the Hussarini malware in Philippines that exploits a vulnerability in Microsoft Office. Also known as “Sarhurst”, this backdoor malware was last seen in 2014 targeting various countries in Southeast Asia.
Fortinet’s FortiGuard Labs identified Hussarini in a malicious document with the politically-themed filename “Draft PH-US Dialogue on Cyber Security.doc”. This malware is classified as an Advanced Persistent Threat (APT) attack, and attempts unauthorized entry into computer networks to potentially steal data. This infected document takes advantage of the vulnerability CVE-2017-11882. (Note: Microsoft has issued a patch for this vulnerability and users should download it to prevent attacks)
Analysis by FortiGuard Labs researchers indicates that it is by no coincidence that cybercriminals are targeting Philippines in the renewed APT attack campaign. In 2016, the Philippines government suffered a major attack on its Commission on Elections database that compromised personal information of over 50 million voters. Cybercriminals had exploited known website vulnerabilities to launch their attacks. That same year, a cyber attack on the Bangladesh central bank led to loss of US$81 million that was illegally transferred to a Philippines commercial bank. Security lapses failed to flag suspicious transactions and stop the movement of stolen money through bank networks.
Humans are the weakest link in the information security chain. The Philippines, with a huge number of internet users with little to no knowledge about cybersecurity, is very vulnerable to cyber attacks. There are three ways to bolster security. Firstly, the best way for companies to avoid becoming victims of malware is employee security awareness so they won’t easily fall prey to phishing attacks. The second way is to practice good security hygiene, ensuring that computers automatically get the latest updates from their software and OS vendors. Lastly, organizations and computer users need to deploy the appropriate security technologies to block these attacks.
“It is very important for the Philippines both in the government and in the business sector to integrate cybersecurity into its risk management practices,” said David Maciejak, Director of Security Research for Fortinet. “The threat landscape is constantly evolving and attacks are getting more complicated, resulting in information leaks and financial loses. As a positive step, the Philippines’ Department of Information and Communications Technology (DICT) has unveiled its National Cybersecurity Plan 2022 to address cybersecurity vulnerabilities and tighten security measures. Knowing that the risks exist and promoting best practices for handling those risks will minimize the negative impact of these attacks to businesses and to the government.”