Interviews

Hybrid is best

by Mark Rowe

Cloud technologies are an important element of modern security solutions, but cannot protect computers without the support of local security tools. The best approach is therefore to use hybrid solutions that incorporate local anti-malware technologies and simultaneously interact with a cloud service. However, such solutions are chosen by just 21 per cent of companies. This is according to a study conducted by Kaspersky Lab in collaboration with B2B International.

Hybrid solutions are most popular in large enterprises, with 29 per cent using hybrid security. However, such solutions remain unpopular among the majority of companies. According to the research, most respondents (51 per cent) prefer local solutions with no cloud assistance, and another 20 per cent choose cloud security tools.

Malcolm Tuck, Managing Director at Kaspersky Lab UK and Ireland, said: “Today, the amount of malware is increasing exponentially: about 140 new threats appear every minute. It is already impossible to overcome them simply by using the traditional signature search method – new threats are emerging too fast for even regular updates to stay one step ahead. That is why security solution developers are working on combining proactive and cloud technologies. The former help detect unknown threats: the latter deliver protection from new threats as fast as possible. There are further security solutions based only on cloud technologies, but these cannot provide reliable protection against complex threats, including zero-days. And such solutions cannot work efficiently without a stable Internet connection.”

Meanwhile: NetTraveler is a family of malicious programs used by APT actors to compromise more than 350 high-profile victims in 40 countries, an IT security firm reports. The NetTraveler group has infected victims across multiple establishments in both the public and private sector including government institutions, embassies, the oil and gas industry, research centers, military contractors and activists. This is according to Kaspersky Lab in a new research report.

According to the report, this threat actor has been active since as early as 2004; however, the highest volume of activity occurred from 2010 – 2013. Most recently, the NetTraveler group’s main domains of interest for cyberespionage activities include space exploration, nanotechnology, energy production, nuclear power, lasers, medicine and communications.

Methods

Attackers infected victims by sending clever spear-phishing emails with malicious Microsoft Office attachments rigged with two highly exploited vulnerabilities (CVE-2012-0158 and CVE-2010-3333). Even though Microsoft has already issued patches for these vulnerabilities, they are still widely used for exploitation in targeted attacks and have proven to be effective.

The titles of the malicious attachments in the spear-phishing emails show the NetTraveler group’s dogged effort to customise its attacks in order to infect high-profile targets. Notable titles of malicious documents include:

  • Army Cyber Security Policy 2013.doc
  • Report – Asia Defense Spending Boom.doc
  • Activity Details.doc
  • His Holiness the Dalai Lama’s visit to Switzerland day 4
  • Freedom of Speech.doc

Data theft

Kaspersky Lab obtained infection logs from several of NetTraveler’s command and control (C&C) servers. C&C servers are used to install additional malware on infected machines and exfiltrate stolen data. Kaspersky Lab’s experts calculated the amount of stolen data stored on NetTraveler’s C&C servers to be more than 22 gigabytes.

Exfiltrated data from infected machines typically included file system listings, keylogs, and various types of files including PDFs, Excel sheets, Word documents and files. In addition, the NetTraveler toolkit was able to install additional info-stealing malware as a backdoor, and it could be customised to steal other types of sensitive information such as configuration details for an application or computer-aided design files.

Infection statistics

Based on Kaspersky Lab’s analysis of NetTraveler’s C&C data, there were a total of 350 victims in 40 countries, including the United States, Canada, United Kingdom, Russia, Chile, Morocco, Greece, Belgium, Austria, Ukraine, Lithuania, Belarus, Australia, Hong Kong, Japan, China, Mongolia, Iran, Turkey, India, Pakistan, South Korea, Thailand, Qatar, Kazakhstan, and Jordan.

With the C&C data analysis, Kaspersky Lab used the Kaspersky Security Network (KSN) to identify additional infection statistics. The top ten countries with victims detected by KSN were Mongolia followed by Russia, India, Kazakhstan, Kyrgyzstan, China, Tajikistan, South Korea, Spain and Germany.

© 2024 Professional Security Magazine. All rights reserved.