Anonymous posts regarding a virus named “Beyond the Grave” have been circulating in various cybersecurity forums. This virus is purported to specifically target U.S. and international hedge funds and to alter confidential data housed at those funds. The virus is deployed via email sent from a typosquatted domain that appears at first glance to be a legitimate domain of an actual outsourced CIO/consultant. Screenshot samples from the reports indicate that the attack has been taking place over a two-month period.
While any reported attack should be treated as cause for caution and vigilance, and we recommend taking the actions noted below, the authenticity of this virus appears to be questionable. Multiple indicators point to the possibility of this being a hoax, marketing stunt, or mistake:
- The attacker appears to be boasting via forum posts rather than using a payload for infiltration and/or gain.
- The attack payload appears to do nothing (though it could be targeted for deployment with certain browsers/extensions).
- The source of the screenshots in the email circulating within hedge funds is unknown and questionable.
- Only a minimal number of the funds listed as attacked have confirmed the attack.
- The cybersecurity threat investigation and response firm FireEye has indicated in information-sharing forums that it is not aware of or investigating any such threat, and that it believes the report may be a hoax as well.
ACA Aponix Guidance
ACA Aponix recommends taking the following actions regarding the Beyond the Grave virus:
- Maintain caution and vigilance for this potential threat, in a fashion consistent with other anti-phishing and anti-malware efforts.
- Review and refresh anti-phishing training efforts. Consider providing specific notification to hedge fund staff regarding this threat and appropriate response procedures.
- Block the fake domain aksia.co (missing the “m”).
- Consider domain name monitoring to detect typosquatting of your own domains.
- Ensure that all malware and virus definitions for all systems are up-to-date.
- Monitor system logs for unusual activity.
- Ensure that data backup and related resiliency plans are up-to-date and functional.
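The domain-blocking and typosquat-monitoring steps above can be turned into a simple mail-log check. The following is an added example and not code from the ACA Aponix advisory; it assumes the legitimate domain is aksia.com (as the advisory's "missing the m" implies), and the log lines are constructed Postfix-style samples.

```python
# Added example (not from the ACA Aponix advisory): generate single-character
# lookalike variants of a firm's own domain and flag inbound mail whose sender
# domain matches one. The domain and log lines below are constructed samples.
import re

LEGITIMATE_DOMAIN = "aksia.com"  # assumed legitimate domain, per "missing the m"

def typosquat_variants(domain: str) -> set[str]:
    """Single-character omission, duplication and adjacent-transposition
    variants of a domain, e.g. aksia.co, akssia.com, askia.com."""
    variants = set()
    for i, ch in enumerate(domain):
        if ch == ".":
            continue
        variants.add(domain[:i] + domain[i + 1:])        # omission (aksia.co)
        variants.add(domain[:i] + ch + domain[i:])       # duplication (akssia.com)
    for i in range(len(domain) - 1):
        a, b = domain[i], domain[i + 1]
        if "." in (a, b) or a == b:
            continue
        variants.add(domain[:i] + b + a + domain[i + 2:])  # transposition (askia.com)
    variants.discard(domain)
    return variants

# Constructed Postfix-style queue-manager lines; only the from=<...> field matters.
SAMPLE_LOG = [
    "Jan 10 09:12:01 mx1 postfix/qmgr[2211]: 4F3A1: from=<ops@aksia.com>, size=5120",
    "Jan 10 09:14:37 mx1 postfix/qmgr[2211]: 4F3A7: from=<ops@aksia.co>, size=88214",
    "Jan 10 09:20:02 mx1 postfix/qmgr[2211]: 4F3B0: from=<news@example.org>, size=2048",
    "Jan 10 09:21:45 mx1 postfix/qmgr[2211]: 4F3B4: from=<ops@askia.com>, size=77310",
]

SENDER_RE = re.compile(r"from=<[^@>]+@([^>]+)>")

def flag_lookalike_senders(log_lines, legitimate_domain=LEGITIMATE_DOMAIN):
    """Return (sender_domain, log_line) pairs whose sender domain is a
    lookalike of the legitimate domain. Exact matches are not flagged."""
    suspects = typosquat_variants(legitimate_domain)
    hits = []
    for line in log_lines:
        m = SENDER_RE.search(line)
        if m and m.group(1).lower() in suspects:
            hits.append((m.group(1).lower(), line))
    return hits

if __name__ == "__main__":
    for domain, line in flag_lookalike_senders(SAMPLE_LOG):
        print(f"lookalike sender {domain}: {line}")
```

The same variant set can be fed to a registrar or passive-DNS watch list to see which lookalikes of your own domain are actually registered.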
How ACA Can Help
ACA Aponix offers the following solutions that can help protect your firm from vulnerabilities and related cybersecurity risk:
- Phishing testing and cyber awareness training
- Cyber incident response planning
- Penetration testing and vulnerability assessments
- Threat intelligence
For More Information
If you have any questions, please contact your regular ACA Aponix consultant, or email us at firstname.lastname@example.org