Categories: Cyber warfareMalware

Government-built malware and cyber weapons will run out of control

F-Secure’s Chief Mikko Hyppönen at the TrustyCon explained the risk that Government-built malware and cyber weapons will run out of control.

F-Secure’s Chief Research Officer Company Mikko Hyppönen at the TrustyCon conference in San Francisco explained that almost every government is spending a great effort to improve its cyber capabilities building a cyber weapon.

“Governments writing viruses: today we sort of take that for granted but 10 years ago that would have been science fiction,” “If someone had come to me ten years ago and told me that by 2014 it will be commonplace for democratic Western governments to write viruses and actively deploy them against other governments, even friendly governments, I would have thought it was a movie plot. But that’s exactly where we are today.” he told during his speech. 

Countries like US and Israel are probably most advanced in the development of cyber weapons, Stuxnet was the first malware designed with the specific intent to hit critical infrastructure of a hostile Government like Iran.

Consider also China that is probably the most aggressive state, according to the US intelligence the Government of Beijing has its malware already used in different state-sponsored attacks

Also European governments are very active in the development of state-sponsored malware, German police and customs officials have used in the past a malicious code dubbed R2D2. The Trojan also referred to as “0zapftis” or “Bundestrojaner”, was able to track and collect data on victims’ PC, including Skype conversationsOther countries very active are the Sweden, that has developed its malicious code, and Russia that is investing to improve its cyber arsenal.

In time I’m writing the security community is evaluating the possibility that advanced Uroburos rootkit that has been infecting networks since as far back as 2011, is a modular spyware of the Russian government cyber weapons programme.

Hyppönen was involved in the investigation on Stuxnet, and he discovered that was possible to make a reverse engineering of the detected samples to build new agents and hit new types of targets.

In the case of Stuxnet it was hard to modify the code related to the attack against industrial SCADA control systems, but anyway, the malware could be adapted to send malicious commands to an infected industrial plant that could cause serious damages.

These agents are very effective and adopt complex techniques to deceive victim’s systems, the Flame malware, for example, used a false Windows Update system to spread itself, but malware authors were able to sign malicious code to allow target infection without raising suspects. 

Recently security experts at Kaspersky lab identified a new malware family used in a large-scale cyber espionage campaign dubbed the Mask, probably the most sophisticated APT operation seen to date that hit entities in 31 different countries. The agents behind The Mask are Spanish-speaking and exploited at least a zero-day in their campaign, distributing the Mask malware on every OS including Mac OS X, Linux, and perhaps even iOS and Android.

Many experts argue that the anti-virus companies, in some cases, have not prevented the spread of malware because they agreed with the governments.

The Dutch campaign group called Bits of Freedom invited principal antivirus vendors to reveal any request to whitelist some kinds of malware being designed by the government, Hypponen claimed that Symantec and McAfee have not yet responded.

“The question was answered by our CEO saying ‘No, we haven’t’, we have never whitelisted any government malware since the source doesn’t come into play – we simply protect all our customers,” “We’ve had this policy for 13 years.” said Mikko Hyppönen.

If antivirus companies are whitelisting state malware there will be the concrete risk that Government-built malware and cyber weapons will run out of control.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs –  Cyber weapon, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

3 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

17 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

23 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

This website uses cookies.