Monday, December 9, 2013

Online Security Must Be Improved as the Online World Grows

Information security experts, computer engineers and researchers still have work to shoulder in protecting hardware and software tools. As the world shifts into virtual space, cyber attackers remain in contact with the cloud-computing world. Currently the attacks are directed at government agencies or big industrial companies.

A good example is the ongoing U.S. hunt on the systems and communications of top adversaries like China, Russia, Iran or even North Korea, and their activities around nuclear proliferation. I take this chance to talk about this issue because I am aware of highly coordinated attacks.
Back in late 2009, high-tech companies faced attacks of a level of sophistication that left researchers in the security industry gasping and respecting the skills used. Hard as it is to imagine, Google was one of the attacked companies; the attack originated from China, and Google says the hackers stole intellectual property and sought access to the Gmail accounts of human rights activists.

The encryption was highly successful in obfuscating the attack and avoiding common detection methods. The level of encryption had never been seen before. In the wake of Threat Level's what happened was a zero-day vulnerability in Internet Explorer, which was exploited by hackers to gain access to Google and other companies after Microsoft completed the investigation of the vulnerability. Why I said "and other companies": this attack, known as "Operation Aurora", targeted 34 companies in the tech, financial and defense sectors.

Once the Google worker visited a malicious site, their Internet Explorer browser was exploited to download an array of malware to their computer automatically and transparently. The programs unloaded seamlessly and silently onto the system. The initial piece of code was shellcode encrypted three times, and that activated the exploit. Then it executed downloads from an external machine that dropped the first piece of binary on the host. That download was encrypted. The encrypted binary packed itself into a couple of executables that were also encrypted.

One of the malicious programs opened a remote backdoor to the computer, establishing an encrypted covert channel that masqueraded as an SSL connection to avoid detection. This allowed the attackers ongoing access to the computer and to use it as a “beachhead” into other parts of the network, Alperovitch said, to search for login credentials, intellectual property and whatever else they were seeking.
McAfee obtained copies of malware used in the attack, and quietly added protection to its products a number of days ago, Alperovitch said, after its researchers were first brought in by hacked companies to help investigate the breaches.
Alperovitch, the security researcher at McAfee, says the malware he examined was not previously known by any anti-virus vendors.
Also, among the companies caught up in the attack, every one has its own story...
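A defender's check for the kind of channel described above, one that uses the SSL port without speaking SSL, is to validate the first client bytes of each port-443 flow against the TLS record and ClientHello headers. This is an added example, not code from the original post or from McAfee. The post does not give the channel's wire format, so the flow names and sample bytes below are constructed, and a channel that wraps a genuine TLS handshake would pass this check.

```python
import struct

TLS_HANDSHAKE = 0x16      # TLS record content type "handshake"
CLIENT_HELLO = 0x01       # handshake message type "ClientHello"
MAX_RECORD_LEN = 2 ** 14  # largest plaintext TLS record

def tls_hello_problems(payload: bytes) -> list:
    """Reasons the first client bytes of a flow are not a TLS ClientHello."""
    if len(payload) < 11:
        return ["too short for a record header plus ClientHello header"]
    ctype, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    hs_type, hello_major = payload[5], payload[9]
    problems = []
    if ctype != TLS_HANDSHAKE:
        problems.append(f"record type 0x{ctype:02x}, expected 0x16")
    if major != 3 or minor > 4:
        problems.append(f"record version {major}.{minor} is not SSL 3.0/TLS")
    if not 0 < rec_len <= MAX_RECORD_LEN:
        problems.append(f"record length {rec_len} out of range")
    if hs_type != CLIENT_HELLO:
        problems.append(f"handshake type 0x{hs_type:02x}, expected ClientHello")
    if hello_major != 3:
        problems.append(f"ClientHello major version {hello_major}, expected 3")
    return problems

def flag_flows(flows: dict) -> dict:
    """Map flow id -> problems, for flows whose first bytes fail the check."""
    flagged = {}
    for flow_id, data in flows.items():
        problems = tls_hello_problems(data)
        if problems:
            flagged[flow_id] = problems
    return flagged

# Constructed samples (not captured traffic): a minimal well-formed
# ClientHello prefix, and an opaque blob sent to port 443.
REAL_HELLO = bytes.fromhex("16030100310100002d0303") + bytes(43)
OPAQUE = bytes(range(0x40, 0x50))
SAMPLE_FLOWS = {
    "10.0.0.4:51522->192.0.2.7:443": REAL_HELLO,
    "10.0.0.5:49231->192.0.2.10:443": OPAQUE,
}

if __name__ == "__main__":
    for flow_id, problems in flag_flows(SAMPLE_FLOWS).items():
        print(flow_id, "->", "; ".join(problems))
```

Old SSLv2-format hellos are also flagged by this check, so on a network with legacy clients the output needs triage rather than automatic blocking.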

By the way, if big tech companies and government agencies are now facing high-level attacks, one can be totally hacked without being aware of it.
As I wrote earlier about how governments will react in the future: less developed countries still depend on physical investigation at present, but there will come a time when they need to use cyber attackers to investigate, as social communities are connecting the people of the 1990s at high speed.

I can then see how those who use highly engineered security systems built by a group of computer scientists and engineers are the ones who will be safe, and I think you should pay them for the service, but those who are idle will observe how magic computer technology is.

iDefense also said that a vulnerability in Adobe’s Reader and Acrobat applications was used to gain access to some of the 34 breached companies. The hackers sent e-mail to targets that carried malicious PDF attachments.
Alperovitch said that none of the companies he examined were breached with a malicious PDF, but he said there were likely many methods used to attack the various companies, not just the IE vulnerability.
Once the hackers were in systems, they siphoned off data to command-and-control servers in Illinois, Texas and Taiwan. Alperovitch wouldn’t identify the systems in the United States that were involved in the attack, though reports indicate that Rackspace, a hosting firm in Texas, was used by the hackers. Rackspace disclosed on its blog this week that it inadvertently played “a very small part” in the hack.
The company wrote that “a server at Rackspace was compromised, disabled, and we actively assisted in the investigation of the cyber attack, fully cooperating with all affected parties.”
Alperovitch wouldn’t say what the attackers might have found once they were on company networks, other than to indicate that the high-value targets that were hit “were places of important intellectual property.”

The attacks appeared to have begun Dec. 15, but may have started earlier. They appear to have ceased on Jan. 4, when command-and-control servers that were being used to communicate with the malware and siphon data shut down.
The attack was well-timed to occur during the holiday season when company operation centers and response teams would be thinly staffed.
The sophistication of the attack was remarkable and was something that researchers have seen before in attacks on the defense industry.
