A new virus attack campaign called SPECTRALVIPER has just been discovered, targeting the computers of many large enterprises and users in Vietnam through the SMB vulnerability. According to Bkav's statistics, 1 in 10 computers has SMB vulnerabilities and is at risk of being infected with SPECTRALVIPER.
Through a vulnerability in the SMB protocol on Microsoft Windows, hackers penetrated the system and deployed SPECTRALVIPER as a backdoor to maintain a connection to the infected device. On the victim's computer, they then carry out further malicious actions such as executing malicious code and accessing and stealing data.
Mr. Nguyen Tien Dat, General Director of Bkav's Malware Research Center, said: "The SMB vulnerability was exploited by the WannaCry virus to infect more than 300,000 computers around the world in a few hours. In 2018, up to 735,000 computers in Vietnam were attacked by W32.CoinMiner virtual currency mining malware by mining SMB. Despite being warned many times, up to now, up to 10% of computers in Vietnam still have this vulnerability".
Bkav recommends that users install the patch as soon as possible by going to Windows Update → Check for updates to check for the latest patches, and urgently back up important data. Computers with Bkav Pro installed are automatically protected against similar exploit scenarios.
Organizations and businesses need to deploy additional network security monitoring solutions, such as firewalls and a SOC (network security monitoring center), to detect abnormalities immediately for timely response and handling. At the same time, they should contact network security specialists for assistance in reviewing the entire system, including servers, workstations and cloud systems, in order to thoroughly remove malicious code.