Friday, November 28, 2014

APTs spearheading new cyberwar

"If we were able to develop samples that were not detected by these tools without actually having access to any of the tested products during the development phase, then resourceful attackers who may be able to buy these products will also be able to develop similar samples, or even better ones."

This is the conclusion reached by one of the researchers behind BAB0, a piece of malware created to test the attack detection systems used across the security industry. BAB0 is simply an APT that takes advantage of techniques such as steganography (hiding code inside images) to infect the victim; once installed, it can monitor traffic and break out of operating system sandboxes.

But the headline today is that several of the most reputable online news sites have been hacked: The Independent, The Daily Telegraph, Forbes, ABC, NBC, Clarín and Olé are some of the Syrian Electronic Army's targets in this attack. To carry it out, they compromised an element common to all of them: Gigya. Every reader who visited any of these websites saw an alert warning of the hack, bearing the SEA logo. A DNS redirection of Gigya was enough to deny access to these sites.

Earlier this week we told you about Regin, an APT discovered this week that appears to be one of the most sophisticated cyber weapons in history. This spyware is able to hide its communications beneath a complex, multi-level network: a single infected computer can let attackers forward requests to other infected devices within a country, while those devices in turn receive orders from other infected computers in different parts of the world at the same time.

All these compromised computer systems threaten national security. In fact, they led ENISA to create an evaluation framework for national cybersecurity strategies. This flexible framework has been updated to cover new risks, and its strength rests on properly chosen KPIs for critically evaluating the technology ecosystem.

Among those KPIs, the importance of private and secure communications is surely included. This is something you can get on Android Lollipop devices by configuring their VPN. At El Androide Libre they review some of the positive changes that Android's new version brings to virtual private networks, and recommend several apps for setting one up.

Meanwhile, access control mechanisms have meant a qualitative leap for information technology. These techniques allow you to associate an identity with a file or system, so that permissions and levels can be set for different roles. In short, it is a review of the identification and permissions management methods that are essential for the proper functioning of today's entire technology ecosystem.
