Dangerous waves of malware are transforming cyberspace in a jungle

Pierluigi Paganini September 07, 2012

The cyberspace is becoming a jungle of malware, a place where the danger is just around the corner. Governments, cyber criminals, hacktivist and terrorist are focusing their activities in the new domain due this reason we are assisting to the born of new agents and very sophisticated attack tools.

In a parallel manner is lowering the level of technical knowledge required to carry out cyber attacks, a phenomenon that raises a lot of concern among security experts from around the world.

It is quite simple today to acquire all the necessary to compose a personal botnet or to commission online the creation of malware based on well know agents such as Zeus.

According the last reports proposed by the main security companies there is no pace for every business sector, in particular banking and industry are the principal targets of the last wave of cyber attacks.

The number of attacks has increased dramatically according the cyber intelligence team at the Online Threats Managed Services (OTMS) group of RSA.

Idan Aharoni, head of the cyber intelligence team for RSA’s OTMS, announced the rapid explosion of the model of sell of  “malware as service” in which every malware and attack tools sold is supplied by meticulous support services.

Aharoni also declared

“The risk is huge. More criminals are able to target highly-sensitive information within companies,”

“Even in businesses are not specifically targeted, they are still at risk and should ensure they are able to mitigate against the kinds of attacks we are seeing,”

“Organizations must have a plan for dealing with infections and data breaches; they can’t just say this is an issue that doesn’t affect me. Any company that stores data is a potential target,”

The expert is referring the inadequacy of the current security defense mechanisms that daily are bypassed by new sophisticated cyber attacks.

It is a race against time, businesses and governments are exposed to serious risks, in particular the spread in the wild of agents of dubious origin represents a great cyber threat.

In the last months the number of cyber attacks related to cyber espionage campaign of governments is increased and some groups of researchers are sure that many other malware are silently operating in the cyberspace still undetected.

The impact on businesses by these agents is far from negligible, let’s take as example the finding of Gauss Malware. After Duqu, Flame and Mahdi a new cyber-espionage toolkit has been detected always in the Middle East, and like its predecessors it is capable of stealing sensitive data such as online banking credentials, browser passwords and system configurations.

Gauss was discovered during investigation conducted by the International Telecommunication Union (ITU) to mitigate the risks posed by emerging cyber-threats, it has been detected thanks the investigation made to identify the Flame malware and according the investigations Gauss has been spread on September 2011 and was detected in June 2012 and on July it its command and control infrastructure shut down.

The discovery of Gauss let the experts believe that many other related cyber-espionage malware are actually in operation and many other agents will be developed in the next future.

News of these days are the continuous attacks to oil companies Saudi Aramco and RasGas, hit by the Shamoon malware.

After a first wave of attacks it seems that newest attacks also use a more recent variant of the Disstrack malware.

The malware has destructive purpose, it attacks the system destroying system files, Master Boot Record and active partition of the disk.

According to report with Symantec, first company to discover Shamoon on August, the malware has three primary functional components:

  1. Dropper—the main component and source of the original infection. It installs a number of other modules.
  2. Wiper—this module is responsible for the destructive functionality of the malware.
  3. Reporter—this module is responsible for reporting infection information back to the attacker.

After the initial infection, Shamoon spreads via network shares to infect additional machines on the network.

The wiper destroy the component following a prioritized list of files by overwriting them with a 192KB block filled with a partial JPEG image of a burning United States flag.

Fortunately several antivirus application are able to detect the agent and immunize the machine.

I’ve read on internet that some experts don’t afraid a wide diffusion of those malware created by state sponsored projects, they believe that the agents are controllable and able to attack only specific targets within a specific area. I not agree this school of thought, Stuxnet is the demonstration that an agent can get out of control, out of the cage, and could attack also machines of the country of its creators, don’t forget that cyberspace has no boundaries.

Internet is profoundly changing, the services are changing, platforms are changing and also the cyber threats do the same evolving in complexity and frequency of attacks.
The impact of uncontrolled wave of malware is devastating, but contrary to what might believe, small business will be first impacted, and if the situation is not handled we find ourselves before a domino effect that could involve big businesses and governments in a defenseless cyberspace.

Pierluigi Paganini

you might also like

leave a comment