Experts from STEALTHbits Technologies, Lancope and Tripwire commented this morning on Kaspersky’s newly announced research on the Equation cyberespionage group’s advanced form of malware that is impossible to remove once it’s infected a PC. Kaspersky Lab released a report Monday.
Jonathan Sander, Strategy and Research Officer, STEALTHbits Technologies (www.stealthbits.com):
The lesson this Equation Group should teach us isn’t that there are well funded, highly skilled hackers, but rather that making small mistakes like leaving key parts of your infrastructure unprotected are the things that get you in the end. This group had nearly infinite resources, based on the analysis floating around. Yet a few domains that would have cost a pittance contributed to exposing their operations. The classic foes of investing in security are cost and convenience. Was it too hard to renew the domains? Did someone figure they were not worth the money even at such a small cost? It’s no surprise that super skilled hackers are dwelling on the fringes, but it is surprising that they seem to make the same bad security choices anyone else does and, just like companies that get breached, end up in the headlines exactly the way they likely didn’t want to. Or, who knows, maybe they thought it was time they got some credit for over a decade of being such bad asses.
TK Keanini, CTO, Lancope (www.lancope.com):
This malware is highly advanced as 1) it is not just one tool but a suite of tools all working in concert with one another and 2) some of these tools penetrate the BIOS of devices whereby they live under most of the users control to detect and remediate – in the case of the hard drives, the only safe solution is a complete physical replacement.
It’s not new at all, this has and will remain an attractive target because it lives under most control and detection. Strategies like this are used on motherboard, on mobile phones, and anywhere there is a hardware BIOS (os) that has control before the host operating system can come into operations.
It is a threat to everyone using computers. The people being targeted yesterday, are different today, and will be different in the future. This threat is everyone’s threat and everyone must do their part to make it harder for these folks to operate.
Lamar Bailey. Director, Security R&D, Tripwire (www.tripwire.com):
From all indications this is very advanced malware that can infect hard drive firmware. Infected firmware from the factory or persuading users to upgrade to an infected firmware is not uncommon but infecting firmware silently in place is much more dangerous. The groups major targets have been Asia-Pacific and areas of civil unrest with most of Europe and the Americas only lightly touched. Given the sophistication of the malware that has been examined the team is choosing their targets with care and could turn it against the US or Europe assuming the attacks are not from the US and Europe.
Free Cyber Security Training! Join the revolution today!
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.