A report published by McAfee illustrates in detail an extensive pattern of precision attacks targeted specifically against the oil industry. The revelation from McAfee is yet another example of the rising trend of malware as a tool for corporate espionage, and the threat of state-sponsored cyber attacks.
The McAfee report–titled Global Energy Cyber Attacks: “Night Dragon”–states, “Starting in November 2009, coordinated covert and targeted cyber attacks have been conducted against global oil, energy, and petrochemical companies. These attacks have involved social engineering, spear phishing attacks, exploitation of Microsoft Windows operating systems vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools (RATs) in targeting and harvesting sensitive competitive proprietary operations and project-financing information with regard to oil and gas field bids and operations.”
The implications are ominous. The computer and network security industry operates on a primarily reaction-based model. Attackers create threats, and security vendors discover them and create defenses to guard against them…after the fact. If the attacks fly under the radar, though–remaining undiscovered–then there is little that most of today’s security solutions can do to detect or evade them.
Attacks such as this–like the “Operation Aurora” attacks against Google and others (also a China-based effort), or the Stuxnet worm ostensibly engineered specifically to compromise the nuclear capabilities of Iran–are much harder to defend against. McAfee explains, “Our experience has shown that many other industries are currently vulnerable and are under continuous and persistent cyber espionage attacks of this type. More and more, these attacks focus not on using and abusing machines within the organizations being compromised, but rather on the theft of specific data and intellectual property.”
Technology has evolved, and cyber attacks have matured. Organizations can’t just rely on the traditional firewall and antivirus software model to protect corporate secrets and other sensitive information, or to guard against subversive coordinated attacks. IT and security admins need to be more proactive about vulnerability and risk assessment of critical assets, and more vigilant about safeguarding sensitive information and preventing it from being leaked or compromised.
Yesterday was Microsoft’s monthly Patch Tuesday, but it was also Adobe’s quarterly patch release day. While Microsoft buried IT admins with 12 new security bulletins, Adobe piled on with a slew of its own patches and updates. A recent report from McAfee found that the number of attacks against Adobe software vulnerabilities outnumbers the attacks against Microsoft vulnerabilities 100:1, so there is good reason to pay close attention to the Adobe updates and patch your Adobe software ASAP. Here is a list of the Adobe updates:
Since the evil genius behind ZeuS announced his retirement last fall and handed over his source code to the creator of rival Trojan toolkit SpyEye, the security world has been counting down with some trepidation to see what the merger will produce. It seems the zero hour may soon be upon us.
A Trend Micro blog post hints that a new SpyEye toolkit beta may just be the first generation of the hybrid ZeuS/SpyEye toolkit. Both ZeuS and SpyEye have wrought their respective share of cyber destruction. The new toolkit appears to combine the strengths of both, while also demonstrating some improvements and polish, and adding in some new features to evade and circumvent security controls.
A ZeuS/SpyEye super Trojan could be a formidable piece of malware. The good news is that security vendors like Trend Micro are paying attention, and are aware that it’s only a matter of time. Hopefully, security researchers will be able to piece together enough from working with the toolkit to be prepared to defend against it when the threat starts spreading in the wild.