
Cyber-espionage grows

by Mark Rowe

The most significant IT security incidents of the third quarter of 2012 were related to activity by the Madi, Gauss and Flame malware, according to Kaspersky Lab.

The Madi campaign of penetrating computer systems went on for almost a year and targeted the infrastructure of engineering firms, government organisations, banks and universities in the Middle East. The malicious components were distributed via attacks that were based on a set of well-known, unsophisticated technologies. Despite the simplicity of the technology, cyber-criminals managed to keep their victims under close surveillance for extended periods of time.

The more sophisticated Gauss malware, classified as a ‘cyber-weapon’ by experts, was discovered in the course of an investigation initiated by the International Telecommunication Union (ITU) after the discovery of the Flame malware. Essentially, Gauss is a nation-state sponsored “banking” Trojan. In addition to its other spyware payload, it is aimed at stealing a variety of information about the online banking systems of infected PC users in the Middle East. Gauss secretly forwards passwords entered or saved in the browser, cookie files and configuration details of the infected system to its administration servers. Gauss is based on the Flame platform and shares some features with Flame, such as routines for infecting USB drives.

Kaspersky Lab staff were also able to gain new information on Flame command-and-control (C&C) servers. The C&C code supports three communication protocols. It handles requests from four malicious programs, codenamed by the authors as SP, SPE, FL and IP. Of these four malicious programs, only two are known at this time: Flame and SPE (aka miniFlame).

Countries at risk

Threat geography also saw interesting changes. There was a new leader among countries hosting malicious content, with Russia (23.2 per cent) overtaking the USA (20.3 per cent).

In Q2, the top 20 countries at risk of computer infection via the internet consisted exclusively of countries from the former Soviet Union, Africa and South-East Asia. In the third quarter it also included two South European countries: Italy (36.5 per cent) and Spain (37.4 per cent). Russia was replaced by Tajikistan as the most dangerous place to surf the web, with 61.1 per cent of users in the Central Asian country encountering antivirus detections when online.

The full version of the report “IT Threat Evolution: Q3 2012” is available at http://www.securelist.com/en/analysis/204792250/IT_Threat_Evolution_Q3_2012


© 2024 Professional Security Magazine. All rights reserved.
