Dangerous waves of malware are transforming cyberspace in a jungle

Pierluigi Paganini September 07, 2012

Cyberspace is becoming a jungle of malware, a place where danger is just around the corner. Governments, cyber criminals, hacktivists and terrorists are all focusing their activities on this new domain, and for this reason we are witnessing the emergence of new agents and very sophisticated attack tools.

At the same time, the level of technical knowledge required to carry out a cyber attack is falling, a phenomenon that raises a lot of concern among security experts around the world.

Today it is quite simple to acquire everything needed to assemble a personal botnet, or to commission online the creation of malware based on well-known agents such as Zeus.

According to the latest reports from the main security companies, no business sector is spared; banking and industry in particular are the principal targets of the latest wave of cyber attacks.

The number of attacks has increased dramatically, according to the cyber intelligence team at RSA's Online Threats Managed Services (OTMS) group.

Idan Aharoni, head of the cyber intelligence team for RSA's OTMS, reported the rapid growth of the "malware as a service" model, in which every malware and attack tool sold comes with meticulous support services.

Aharoni also declared:

“The risk is huge. More criminals are able to target highly-sensitive information within companies.”

“Even if businesses are not specifically targeted, they are still at risk and should ensure they are able to mitigate against the kinds of attacks we are seeing.”

“Organizations must have a plan for dealing with infections and data breaches; they can’t just say this is an issue that doesn’t affect me. Any company that stores data is a potential target.”

The expert is referring to the inadequacy of current security defense mechanisms, which are bypassed daily by new, sophisticated cyber attacks.

It is a race against time: businesses and governments are exposed to serious risks, and in particular the spread in the wild of agents of dubious origin represents a great cyber threat.

In recent months the number of cyber attacks linked to government cyber espionage campaigns has increased, and some groups of researchers are convinced that many other malware agents are silently operating in cyberspace, still undetected.

The impact of these agents on businesses is far from negligible; take the discovery of the Gauss malware as an example. After Duqu, Flame and Mahdi, a new cyber-espionage toolkit has been detected, once again in the Middle East, and like its predecessors it is capable of stealing sensitive data such as online banking credentials, browser passwords and system configurations.

Gauss was discovered during an investigation conducted by the International Telecommunication Union (ITU) to mitigate the risks posed by emerging cyber threats; it was detected thanks to the investigation launched to identify the Flame malware. According to the investigators, Gauss began spreading in September 2011, was detected in June 2012, and in July its command and control infrastructure was shut down.

The discovery of Gauss leads experts to believe that many other related cyber-espionage malware are currently in operation, and that many other agents will be developed in the near future.

The news of these days is the continuing attacks on the oil companies Saudi Aramco and RasGas, hit by the Shamoon malware.

After a first wave of attacks, it seems that the newest attacks also use a more recent variant of the Disttrack malware (Disttrack is Symantec's name for Shamoon).

The malware has a destructive purpose: it attacks the system by destroying system files, the Master Boot Record and the active partition of the disk.

According to a report by Symantec, the first company to document Shamoon in August, the malware has three primary functional components:

  1. Dropper—the main component and source of the original infection. It installs a number of other modules.
  2. Wiper—this module is responsible for the destructive functionality of the malware.
  3. Reporter—this module is responsible for reporting infection information back to the attacker.

After the initial infection, Shamoon spreads via network shares to infect additional machines on the network.

The wiper destroys its targets following a prioritized list of files, overwriting them with a 192KB block filled with a partial JPEG image of a burning United States flag.

Fortunately, several antivirus applications are able to detect the agent and immunize the machine.

I’ve read on the internet that some experts are not afraid of a wide diffusion of the malware created by state-sponsored projects; they believe that the agents are controllable and able to attack only specific targets within a specific area. I do not agree with this school of thought: Stuxnet is the demonstration that an agent can get out of control, out of the cage, and could also attack machines in the country of its creators; don’t forget that cyberspace has no boundaries.

The Internet is profoundly changing: services are changing, platforms are changing, and cyber threats do the same, evolving in complexity and in the frequency of attacks.
The impact of an uncontrolled wave of malware is devastating, but contrary to what one might believe, small businesses will be the first to be hit, and if the situation is not handled we will find ourselves facing a domino effect that could involve big businesses and governments in a defenseless cyberspace.
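The overwrite pattern described above gives an incident responder something concrete to look for on a disk image: documents that no longer carry their own format header but start with JPEG data. The script below is an added example, not code from the article or from Symantec's report; the only facts it takes from the text are the 192KB block size and the fact that the block is filled with a partial JPEG. The two heuristics it applies (a JPEG start-of-image marker inside a file whose extension is not an image, and content that is the first block repeated) and the sample files it builds are constructed assumptions for illustration, not a published signature.

```python
"""Triage files overwritten by a wiper that fills them with a repeated JPEG block.

Added example: the 192KB block and the JPEG fill come from the article; the
heuristics and the sample tree below are constructed for illustration.
"""
import os
import tempfile
from pathlib import Path

JPEG_SOI = b"\xff\xd8\xff"   # JPEG Start-Of-Image marker, the first bytes of any JPEG
BLOCK_SIZE = 192 * 1024      # 192 KB wiper block described in the article
IMAGE_SUFFIXES = {".jpg", ".jpeg"}


def repeats_first_block(data: bytes, block: int = BLOCK_SIZE) -> bool:
    """True if data is its first `block` bytes repeated (last copy may be truncated).

    Assumption: a wiper that fills a file larger than its block with the same
    block leaves this periodic structure; a genuine JPEG does not repeat itself.
    """
    if len(data) <= block:
        return True
    first = data[:block]
    for off in range(block, len(data), block):
        chunk = data[off:off + block]
        if chunk != first[:len(chunk)]:
            return False
    return True


def looks_wiped(path: Path) -> bool:
    """Flag a file whose suffix is not an image but whose content is JPEG-filled."""
    if path.suffix.lower() in IMAGE_SUFFIXES:
        return False                      # a real picture is expected to hold JPEG data
    data = path.read_bytes()
    if not data.startswith(JPEG_SOI):
        return False
    return repeats_first_block(data)


def triage(root: Path) -> list[Path]:
    """Walk a directory tree and return the files matching the wiper pattern, sorted."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            if p.is_file() and looks_wiped(p):
                hits.append(p)
    return sorted(hits)


def build_sample_tree(root: Path) -> None:
    """Constructed sample data: an intact document, a real picture, two wiped files."""
    jpeg_like = JPEG_SOI + b"\xe0" + bytes(range(256)) * 768   # stands in for the partial JPEG
    block = jpeg_like[:BLOCK_SIZE]                              # exactly 192 KB
    (root / "report.docx").write_bytes(b"PK\x03\x04" + b"\x00" * 4096)  # intact Office file
    (root / "photo.jpg").write_bytes(block)                              # legitimate picture
    (root / "budget.xlsx").write_bytes(block)                            # wiped: a single block
    (root / "ntuser.dat").write_bytes(block * 3 + block[:1000])          # wiped: block repeated


def demo() -> list[str]:
    """Build the sample tree in a temporary directory and return the flagged file names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return [p.name for p in triage(root)]


if __name__ == "__main__":
    print(demo())   # ['budget.xlsx', 'ntuser.dat']
```

Run it against a mounted image root instead of the temporary directory to get a first list of candidates for the file-recovery queue; the repetition check is what separates a wiped file from an ordinary picture that merely lost its extension.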

Pierluigi Paganini

