Tag Archive | cyberespionage

RSA Conference Details Unfold in this Super Writeup!

The RSA conference is a yearly security conference where various internet security topics are discussed. Well, this year’s discussions are quite intense, and involve many of the latest problems.

  1. Security training is an important thing for any person. Teaching people about the seriousness of threats is highly important. Not just about some of the basics of threats, like an IP address, firewalls, or antivirus software. But, more than that, more focused on trends in computer security, social engineering, etc. With the increase of people using tablets, smartphones, etc., there is a big need for understanding cybersecurity. (Secure Connexion has their own ventured school, SecuSchool, hosted on a sister website.)
  2. Cybersecurity on Planet Earth is in big trouble! Experts state that the internet was designed to be build without security concerns. However, with password theft, business attacks, fraud, phishing, etc. – this makes internet security far more important. Problem is, attackers are also getting organized with their criminal activity. With that, there is a need for counterintelligence methods.
  3. “Too big to be good” is how most security companies are being stated as. By the time new businesses are started fighting new cyberthreats, criminals already have new plans being carried out.
  4. Free personal data (in numbers of petabytes) are out there in social media and analytics. Scams, fraud, and phishing scams can be built with the free information available online.
  5. Mobile malware on the rise. An apparent 30% of malware submissions (not necessarily new) are reported to come from mobile platforms.
  6. Cyberespionage is on the rise big time!  Governments are spying on each other, gathering information, stealing secrets, and preparing to construct cyberattacks.
  7. There are a lot of good security startups, which are making steady advances toward the future of cybersecurity. We’re just one of those startups.

Today, continuing in RSA, keynote speeches will be posed from Vint Cerf of Google, Philippe Courtot of Qualys with special guess John Pescatore of SANS Institute, Christopher Young of Cisco, Mike Fey of McAfee, and Jimmy Wales of Wikipedia.

Last year’s conference highlights were as follows:

  • Application, cloud, data, and mobile  security
  • Cryptography
  • Hacking and other threats
  • Governance & laws
  • Risk & compliance
  • Professional development
  • Strategy & architecture
  • Technology infrastructure

We will most likely have more details about RSA 2013 in the coming days. The conference runs from February 25-March 1 in San Francisco.

Flame malware command-and-control servers reveal earlier origins, among other links

Government malware, Flame, Stuxnet, etc. is expanding and becoming more of a problem. Computer systems are getting even more inventive, but not at the alarming rate that dangerous malware is expanding. There may be more links other than Stuxnet for Flame.

First, computer systems are created for specific purposes, and have been for about forty years now. However, some of the newer computer systems are created to become like robots, which means that the computer system works on its own without user intervention. But, what happens when malware targets the core computer systems of oil industries, energy companies, military plants, etc.? It can cause dangerous and severe consequences if the system were to become compromised.

Second, the Flame malware became uprising just this past May, where it infected over 1000 computers, according to Kaspersky Lab. The victims of the first attack included governmental organizations, educational institutes, and personal users. Most of the attacks were central over West Asia, including Iran, Israel, Syria, Saudi Arabia, Egypt, among others. Supporting a kill command, which would eliminate all traces of the malware from the computer attacked, this command was sent soon after the malware’s exposure. Right now, there are no reported active infections of Flame, or other variants being created.

However, there are derivatives of the Flame malware being created. We reported a few weeks ago about Shamoon being actively distributed using its skiddie approach. There are other links that were recently found (like Gauss) that can relate Flame to command-and-control usage back to 2006. Which means this Flame project could be as much as 6 years old, or is related to malware from then.

Instead of looking like a botnet interface, the Flame command centers look more like content-management systems (CMS), and have many other new approaches. One of its approaches included the three fraudulent certificates, which Microsoft patched to block them back in June.

More news about the findings and C&C servers were fully unveiled to the recent Flame investigation by Kaspersky Lab and the news from Symantec (PDF). Researchers at Kaspersky Lab state they were suspicious about the findings of a development link to Stuxnet back in June, when communication was eavesdropped between the team.

Some of the key developers behind all of this situation include speculation of the US & Israel combined. However, there is no known evidence backing these claims, except for what researchers can reveal about coding types and other methods used.

Much of the articles by Kaspersky Lab and Symantec include the following speculations as well:

  • Four programmers at least tag-teamed on the job of development as their nicknames were left in the code.
  • One-server called home 5000 victim machines during just a one-week period in May, suggesting at least 10,000 victims.
  • The infections weren’t just focused on one-group of organizations or people, but in separate groups of targets in many countries.
  • Many of the targets focused a lot on Iran and Sudan.
  • Different custom protocols were used to communicate with the servers, not just one protocol. Meaning that there were at least four different protocols used to communicate to the servers.
  • Tons of data was stolen, which 5.5 GBs was reported in just one week of data-mining from the malware.
  • The attackers are either mining for government information, or attempting to gain military intelligence.

The developers behind the Flame malware have a lot more secrets, which are being unveiled. More ties are being linked to Stuxnet and Flame, and when the information becomes available, it’ll be here on seCURE Connexion’s blog. The Flame developers obviously have a lot of nerve developing these cyber-weapons. But, many politicians and security experts have warned of this information warfare for years. Here we are at the peak!

To protect your computer from hackers, use Kaspersky’s PURE Total Security:
Kaspersky PURE Total Security

%d bloggers like this: