EyePyramid – Data Stealing Trojan Horse

I read a story in Naked Security recently that reported the arrest of a couple of Italian cyber-criminals who have been stealing personal information from Italian mayors, prime ministers, cardinals, and other notables since 2010.   They used a phishing exploit to install a Trojan Horse/keylogger called EyePyramid.  There were a couple of things that caught my eye.

The first is the sheer volume of data stolen – 87 gigabytes!  This information was used by the perpetrators to make stock trades on insider information.

The second thing that stuck out to me, the data was all stored on servers in the US, specifically Salt Lake City, Utah, and Prior Lake, Minnesota.  The irony for me is I used to work for the company (Integra Telecom) with the servers in Prior Lake, so the local hook is compelling for me.

The story itself is interesting in that it illustrates a point I make in my training and speaking engagements.  All data has value, even the stuff you think no one would be interested in.  It also shows how effective a clever spearphishing campaign can be.  It also backs up another belief of mine.  People at the top, in positions of power and authority, are the WORST when it comes to computer knowledge and even a fundamental understanding of cybersecurity.  And it makes them easy targets to exploit.

So if that describes you, maybe you should show up the next time your HR or IT department brings in a cybersecurity trainer for your employees.  Hey – leading by example, isn’t that supposed to be a thing?


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.