Wednesday, September 28, 2016

Attacks in (cyber) space

The conquest of space has been one of the main goals that many world powers have constantly fought for. Much has been said about the first man on the moon: that it was a big step for mankind, or that it could have been staged in a film studio.

The truth is that the aerospace sector is not free from attacks by cybercriminals. According to the magazine Security Week, a group of researchers at Palo Alto Networks may have discovered a Trojan for OS X used by Russian cyberspies against the aerospace sector. The malware, known as Komplex, seems to have been developed by a group of hackers known as Sofacy, Pawn Storm, APT28, Fancy Bear and Tsar Team.

The attackers may also be linked to major cyber attacks against the US government and its political parties. Those hackers may have also intervened in the German parliament and the World Anti-Doping Agency (WADA).

According to researchers, the Komplex attack usually begins with a component that displays a document in the Preview app in OS X. The dropper component is designed to drop and execute the main payload and to ensure its persistence by configuring the system to launch it when OS X starts.

Once it infects the device, the malware establishes contact with its command and control server and collects system information. The Trojan allows attackers to execute arbitrary commands and download additional files. According to Ryan Olson, intelligence director of Unit 42 at Palo Alto Networks, Komplex was detected at the beginning of August. “Komplex shares the same features and functions as other tools used by Sofacy, that were used in Windows systems”, Olson says.
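For defenders, the persistence step described above is the easiest one to audit. The following is an added example, not code from the article or from the researchers it cites: it assumes the launch-at-startup configuration is a launchd property list (the article does not say which mechanism Komplex uses), and the sample jobs, path prefixes and heuristics are constructed for illustration.

```python
import plistlib
from pathlib import Path, PurePosixPath

# Assumed heuristic: locations that any local user can write to.
WRITABLE_PREFIXES = ("/Users/Shared/", "/tmp/", "/private/tmp/", "/var/tmp/")

def job_program(job):
    """Return the executable a launchd job starts, or None."""
    if job.get("Program"):
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args else None

def review_job(raw_plist):
    """Return the reasons an auto-starting job deserves a closer look."""
    try:
        job = plistlib.loads(raw_plist)  # handles XML and binary plists
    except Exception:
        return ["unparseable plist"]
    if not isinstance(job, dict) or not (job.get("RunAtLoad") or job.get("KeepAlive")):
        return []  # not started automatically when the job is loaded
    program = job_program(job)
    if program is None:
        return ["no program defined"]
    reasons = []
    if program.startswith(WRITABLE_PREFIXES):
        reasons.append("runs from a world-writable location")
    if any(part.startswith(".") for part in PurePosixPath(program).parts):
        reasons.append("hidden path component")
    return reasons

def audit(plists):
    """Map plist name -> reasons, keeping flagged jobs only."""
    findings = {name: review_job(raw) for name, raw in plists.items()}
    return {name: reasons for name, reasons in findings.items() if reasons}

def audit_dir(directory):
    """Audit every *.plist in a directory such as ~/Library/LaunchAgents."""
    return audit({p.name: p.read_bytes() for p in Path(directory).glob("*.plist")})

# Constructed sample jobs, not taken from any real malware sample.
SAMPLES = {
    "com.example.updater.plist": plistlib.dumps({"Label": "com.example.updater",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"], "RunAtLoad": True}),
    "com.example.helper.plist": plistlib.dumps({"Label": "com.example.helper",
        "ProgramArguments": ["/Users/Shared/.cache/helperd"], "RunAtLoad": True}),
    "com.example.ondemand.plist": plistlib.dumps({"Label": "com.example.ondemand",
        "Program": "/tmp/tool", "RunAtLoad": False}),
}

if __name__ == "__main__":
    for name, reasons in audit(SAMPLES).items():
        print(name, "->", ", ".join(reasons))
```

A flagged job is a lead for review rather than proof of compromise, since legitimate software sometimes starts helpers from unusual paths.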

Another study made public this week comes from Google. The company has paid around one million euros to a group of researchers in order to try to fight cross-site scripting (XSS), according to the website The Register. XSS is one of the most widespread threats in the web app world. It can be used to steal sensitive information, hijack user sessions and affect the integrity of the browser and the whole system.
