Security Blog

Your source for information security news and views.

Viewing entries tagged Operation Shady RAT

Trouble keeping up with the industry? IP3 Inc.’s CPE ToGo Program is here to help

Posted by Ken Kousky
on Friday, 09 September 2011
in MyBlog

The past year has been plagued by a variety of new attacks. The most influential were Operation Shady RAT and its attack on over 70 organizations, the theft of RSA’s SecurIDs, and the DigiNotar hack that resulted in the compromise of numerous SSL certificates. All of these attacks have one thing in common: they are all Advanced Persistent Threats (APTs). APTs are a new breed of attack taking the IT industry by storm. They are carefully monitored, resilient to defense, polymorphic and incredibly successful. But these attacks are after much more than a few SecurIDs or SSL certs; the true target is the information these assets allow their attackers to access. With one SSL cert, attackers are able to spawn an infinite number of fake websites and lure in unsuspecting victims who submit valuable personal and banking data to the false pages, without warning, without suspicion. This information is then used for political and financial gain, all fueling the machine and allowing further attacks to break down the fragile system we all hold dear.

APTs are one of many emerging threats on the frontlines of IT security. Other hot topics in the industry include Cloud Computing security, new challenges in Cryptography, and emerging Exploits. Even business-related aspects of IT are changing rapidly, such as the many improvements to be made to Risk Management procedures, all influenced by the recent natural disasters on the east coast along with the 10-year anniversary of 9/11.

So many emerging topics, so little time.

But there is hope for security professionals. IP3 now offers an all-new way for security professionals to learn about all of these emerging threats and technologies and at the same time keep up on their certifications by earning valuable CPEs, all for an incredible price, wrapped up in a package that fits the lifestyle of even the busiest IT security professional.

More information is available on IP3 Inc.’s industry-first CPE ToGo program.

Break out the RAT traps, there is shady business afoot

Posted by Patrick Snyder
on Thursday, 04 August 2011
in MyBlog

Forget about LulzSec and Anonymous. Those political hacktivist groups are only amateur script kiddies compared to the hackers recently revealed by McAfee. The newly discovered group's five-year-long attack, which struck at least 72 identified organizations, seems to have originated out of China, although no official location has been determined.

The operation, dubbed Operation Shady RAT (RAT stands for remote administration tools), employs spear phishing techniques which mimic legitimate email messages (just as many other phishing attacks do). Once users open the attachments, their systems become infected with malware that allows them to be controlled by a command-and-control server hosted by the hackers. Unlike other attacks we have seen, this hacking group doesn't seem to be out for laughs or a quick payout. It's data mining they are after, and lots of it.

The longevity of their attacks has led to the compromise of petabytes' worth of data thus far. The damage and loss of proprietary information is far more valuable than anyone would have predicted, and until the attackers are shut down, it is only expected to get worse.

This attack brings to light a concept we have been throwing at IT security professionals for quite some time now. Anyone who has attended Ken Kousky's Strategy to Reality seminars has most definitely heard about Advanced Persistent Threats (APTs). This was the same attack approach used in the SCADA attacks on Iraq's nuclear facilities and in Operation Aurora against Google and a dozen or more organizations. For those who need a brush-up on APT attacks, think of them as interactive, polymorphic attacks with the ability of their controllers to evolve and adapt to any security system. You build a wall, they knock it down; you dig a moat, they swim across it. APT attacks represent a new revolution of unstoppable cyber attacks.

The only way to stop an APT attack is to cut it off at its driving source, the C&C server. McAfee is working with a variety of US government agencies to shut down the C&C server; however, the attackers' 5-year head start, along with jurisdictional issues, is sure to make this quite the challenging task.

Another issue is many organizations' failure to report or admit a compromise, which makes these attacks even more difficult to follow. Security professionals must keep in mind that despite your organization's reputation or pride, you have a duty to disclose attacks to the proper authority. These attacks cannot be ignored and cannot be fought alone.

Microsoft has even started a program offering a $250,000 incentive to anyone who contributes outstanding solutions to these attacks in defense of the future of computing technology.

If you're wondering whether your organization could be a target, then just ask yourself one question: does my information hold any value whatsoever? I'm guessing that for 95% of organizations this answer is yes.