Thursday, June 11, 2015

Malware: Duqu is back, and Kaspersky pays the price – ZDNet France

Targeted attacks do not only happen to other people. And Eugene Kaspersky seems to take the attack suffered by his company philosophically: “The fact that we were also victims of a sophisticated attack is rather flattering and proves, in some way, that our company is among the best in the industry.” The argument may raise a smile, but what do you expect; one takes comfort where one can.

A highly sophisticated attack

According to the vendor, the attacking group identified by Kaspersky is a state-backed organization. That assumption rests on a body of evidence gathered by the company during its investigation of the intrusion it suffered, which highlighted how close the methods used were to those of the group behind Duqu, a computer worm discovered in September 2011 that shares similarities with Stuxnet.
The attack was detected by Kaspersky in early spring 2015. “We preferred to remain discreet about it until the 0-day vulnerabilities exploited by the attackers had been patched, which is now the case,” says Eugene Kaspersky. The attack uses advanced malware presenting many similarities with the Duqu malware, prompting Kaspersky to christen it Duqu 2.0. According to Kaspersky, other companies were victims of the same group in 2014/2015, many of them closely linked to the ongoing negotiations between the United States, the European Union and Iran over its nuclear program.
This new malware is, according to Kaspersky, particularly sophisticated and difficult to detect. Among the recommended methods for getting rid of the infection, the vendor naturally recommends using its own products and keeping systems up to date, but also a complete reboot of the affected computer systems, since Duqu 2.0 has the ability to run “in memory”, that is to say in the RAM of the infected computer, which a reboot clears.

Espionage, but no damage

The attackers were particularly interested in Kaspersky's technologies and investigations, and in its working methods on other targeted attacks. “It is difficult to estimate at the moment what the attackers were seeking, but one could see they were particularly interested in the malware we analyze manually, without using our automated processes. Obviously, we reserve this treatment for the most interesting and high-level cases.”

The Duqu malware is modular: it can be adapted to different usage scenarios, and its modules are used to create variants, leading Kaspersky to speak of a “platform” rather than a single malicious program.
Kaspersky has initiated a large-scale audit of its systems as well as of the source code of its products, but its chief believes that “for now, nothing seems to have been compromised.” Given the scale of the attack, the investigation is likely to last several weeks.

Attribution is delicate, but still …

The company obviously remains cautious about attributing the attack to a particular origin and refused to name a specific actor. But the simple fact of having linked the malware to Duqu, of mentioning state support at work behind the attack, and of underlining the highly political nature of the targets amounts to attribution by omission: the Washington Post, for its part, did not hesitate and points to an Israeli trail, a country that had played a role in the development of Stuxnet.

Of course, the opportunity is a good one for Kaspersky, which takes advantage of the affair to promote its new APT detection solution, which, according to Eugene Kaspersky, allowed the vendor's teams to discover this highly sophisticated attack. Eugene Kaspersky also used the opportunity to call on companies to be more transparent about the attacks they suffer, in order to escape the “technological Middle Ages” he deeply regrets.

The company released a set of documents and information, including the indicators of compromise identified by the vendor, as well as a thorough study of the malware in a 46-page PDF available on its blog.
