Monday, May 28, 2012

New Massive Cyber-Attack an 'Industrial Vacuum Cleaner for Sensitive Information'



The BBC is reporting a massive new cyber-attack described as an “Industrial Vacuum Cleaner for Sensitive Information.” Details of the complex attack were provided to the BBC by the Russian security firm Kaspersky Lab after the United Nations’ International Telecommunications Union asked the Lab to look into reports in April that computers belonging to the Iranian Oil Ministry and the Iranian National Oil Company had been hit with malware that was stealing and deleting information from the systems.
The attack is being powered by a new and highly complex malware known as Flame, which is said to “dwarf Stuxnet in size and sophistication.” Stuxnet was the malware believed to be behind the cyber-attacks on Iran’s nuclear program in 2009 and 2010. Stuxnet was said to have been written through a partnership between Israel and the United States. The company indicated it thinks the latest attack is state-sponsored, but could not be sure of its exact origins. Unlike Stuxnet, which caused tremendous damage to Iran’s nuclear program, this new threat appears not to cause any physical damage. Instead, it has been designed to collect huge amounts of sensitive information.
“Stuxnet and Duqu belonged to a single chain of attacks, which raised cyberwar-related concerns worldwide,” said Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, in a statement. “The Flame malware looks to be another phase in this war, and it’s important to understand that such cyber weapons can easily be used against any country.”
Kaspersky’s chief malware expert Vitaly Kamluk describes Flame as “a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard essentially acting as a massive global data collection tool. Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group.”
Wired.com digs a bit deeper, saying “the malware, which is 20 megabytes when all of its modules are installed (compared to Stuxnet’s 500 kilobytes), contains multiple libraries, SQLite3 databases, various levels of encryption — some strong, some weak — and 20 plug-ins that can be swapped in and out to provide various functionality for the attackers. It even contains some code that is written in the LUA programming language — an uncommon choice for malware. The kill module, named browse32, searches for every trace of the malware on the system, including stored files full of screenshots and data stolen by the malware, and eliminates them, picking up any breadcrumbs that might be left behind. When the kill module is activated, there’s nothing left whatsoever.”
Alexander Gostev, chief security expert at Kaspersky Lab notes, “it took us half-a-year to analyze Stuxnet, this is 20-times more complicated. It will take us 10 years to fully understand everything.”
Some of the countries affected by the attack are Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

