Saturday, July 19, 2014

Sophistication and human error

"Sophisticated code like Gyges was created for a specific purpose by what appears to be a government agency, and it should have remained within the control of that agency." So concluded Brandon Hoffman, CTO of RedSeal Networks, in his analysis of a new, modular and sophisticated piece of malware recently found for sale in underground forums.

Gyges, as it is known, provides its operators with a suite of tools to obfuscate the attack, either by generating several sandboxes that pose as system services or by dodging, quite effectively, most heuristic defense systems. From the way it operates, and from the many variants that are beginning to appear (bank fraud, keylogging, theft of personal data, ...), it seems to be one of the weapons of a government spy agency that has decided to release it in order to outsource attacks directed at specific targets: a cyberwar technique that threatens not only the "enemy" but any technology user, and one welcomed by the upper ranks of cybercrime.

Then we had an invisibility suit, a suitcase full of 0-days focused on the exploitation of SCADA systems (Supervisory Control and Data Acquisition). "Havex", a distant cousin of Stuxnet, has mutated to bypass most current controls on such critical infrastructure, attacking both SCADA clients and servers through OPC, the standard communication protocol of these architectures. Among its capabilities: the undetectable, passive analysis of how the whole system works, in order to report back to the attackers and let them decide how to act. It can also remotely control the system, exploiting Windows vulnerabilities (common in such architectures) and servers, and even launch attacks in real time with different objectives.

Technology has always gone hand in hand with science fiction, inheriting some of its creations and making them a reality in our world. One example is automatic systems capable of destroying the enemy (or the planet) if their creators are gone. The Soviet Union finally stated that it had one of these systems, called Dead Hand, which would come into operation in the event that all commanding officers died, attacking the U.S. with all its nuclear power. On a small scale, the Dead Hand is still used, especially to protect the research of a scientist or activist, or the privacy of a user. But it can fail, as happened to Arrigo Tuzzi, co-founder of K2 Defender, when his Dead Hand activated, erasing all data on his devices and encrypting his public data in various media, because he spent three days in bed with pneumonia.

The internet of things is just around the corner, and many establishments are eager to start using it. Among them, luxury hotels have managed to revolutionize the industry by investing in smart rooms managed from a device handed to the guest at check-in. But poor management of this change allowed Jesus Molina, a security consultant, to take control not just of his own room but of any other in the St. Regis ShenZhen Hotel in China, because the iPad used to control the room communicated over a protocol called KNX, designed for wired networks, not for WiFi. The automation requests were sent unencrypted and, on top of that, over the same WiFi network that guests have access to, so after a while sniffing the network and issuing the appropriate calls, he could lock any room, wake guests with music at full volume, or carry out any other idea that occurred to him.
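As an added example (not from the original post), a small defender-side check of the kind a hotel network team could run over captured traffic: it parses KNXnet/IP frames (the UDP/IP carrier for KNX, port 3671) and flags any that originate from the guest WiFi range, since room-automation traffic should never appear there. The datagrams, address ranges and the `Datagram` record are constructed for the example.

```python
import ipaddress
import struct
from dataclasses import dataclass

# KNXnet/IP frame header: header length (0x06), protocol version (0x10),
# 16-bit service type identifier, 16-bit total frame length.
KNXNETIP_PORT = 3671
SERVICE_NAMES = {
    0x0201: "SEARCH_REQUEST",
    0x0205: "CONNECT_REQUEST",
    0x0420: "TUNNELLING_REQUEST",
    0x0530: "ROUTING_INDICATION",
}

@dataclass
class Datagram:            # minimal stand-in for a decoded UDP packet
    src: str
    dst: str
    dport: int
    payload: bytes

def parse_knxnetip(payload: bytes):
    """Return the service name for a well-formed KNXnet/IP frame, else None."""
    if len(payload) < 6:
        return None
    hdr_len, version, service, total_len = struct.unpack("!BBHH", payload[:6])
    # Reject frames with a bad header or a length field that disagrees with the data.
    if hdr_len != 0x06 or version != 0x10 or total_len != len(payload):
        return None
    return SERVICE_NAMES.get(service, f"UNKNOWN_0x{service:04x}")

def flag_guest_knx(datagrams, guest_net: str):
    """List (src, dst, service) for KNXnet/IP frames sent from the guest network."""
    guest = ipaddress.ip_network(guest_net)
    alerts = []
    for d in datagrams:
        if d.dport != KNXNETIP_PORT:
            continue
        service = parse_knxnetip(d.payload)
        if service and ipaddress.ip_address(d.src) in guest:
            alerts.append((d.src, d.dst, service))
    return alerts

# Constructed sample traffic: management VLAN 10.0.0.0/24, guest WiFi 192.168.100.0/24.
SAMPLE = [
    Datagram("10.0.0.5", "10.0.0.20", 3671, bytes.fromhex("06100530000adeadbeef")),     # legit controller
    Datagram("192.168.100.42", "10.0.0.20", 3671, bytes.fromhex("06100420000a01020304")),  # guest -> gateway
    Datagram("192.168.100.77", "10.0.0.20", 3671, b"hello"),                              # not KNX, ignored
    Datagram("192.168.100.42", "10.0.0.20", 3671, bytes.fromhex("06100420000a0102")),      # truncated frame
]

if __name__ == "__main__":
    for alert in flag_guest_knx(SAMPLE, "192.168.100.0/24"):
        print("KNX from guest network:", alert)
```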

If you've come to the end, remember that you can rate and comment on our posts, or follow our social profiles, whose links you will find in the sidebar, as usual.
