PUNTA CANA: Researchers at an esteemed Internet security firm have uncovered a campaign of cyberespionage that they are calling the most sophisticated advanced persistent threat (APT) attack they have ever seen.
Kaspersky Labs, which produces software designed to protect users from Internet threats across multiple devices, announced the details of Careto, which means “ugly face” or “mask” in Spanish, at its 2014 Security Analyst Summit, an annual event that connects researchers, law enforcement organizations, and cyber response teams so they can coordinate their efforts in tackling cybercrime.
Careto is a unique attack because of the diversity of its toolset. Among other things, it uses malware, versions for Mac and Linux, and possibly even iOS and Android versions.
It also uses a rootkit—a means for unauthorized users to achieve “root”, i.e. administrative, access to a computer without the user’s consent—as well as a bootkit—a particular type of rootkit that grants an attacker control at the time of “booting” or turning on a computer, which, in turn, allows the attacker to bypass much of an operating system’s security protocols.
According to the report issued by Kaspersky Lab, the victims of Careto fall into a number of categories, including government institutions, embassies, energy and gas/oil companies, and research institutions.
It is currently estimated that Careto has infected over 1000 Internet Protocol (IP) addresses in 31 countries.
The attackers were able to penetrate their targets via spear-phishing techniques, such as by including malicious links containing subdomains that mimic those of major newspapers in Spain, as well as The Guardian and The Washington Post.
It is currently unknown who committed the attacks. Various components of the malware suggest that the authors were proficient in Spanish. But there are over 21 Spanish-speaking countries in the world, and even then, this in no way guarantees that the attackers were operating at the behest of a Spanish-speaking state.
Even so, noting that Careto intercepts traffic, keylogs inputted data, and collects encryption keys, Kaspersky Labs has also alluded to additional extensions whose sophistication of design relates to tools that are available only at the military or governmental agency level.
Researchers at Kaspersky Labs first became aware of Careto back in 2008 when some attempts were made to integrate the malware into older Kaspersky Labs products and make it undetectable. This initial exploit led to a full investigation into the malware.
Careto seems to confirm people’s worst fears in regards to cybercrime. Not only can APT now attack a variety of targets simultaneously using a plethora of tools, but it can also do so for seven years without being discovered.
Cybercrime is increasingly becoming more sophisticated and undetectable. Acknowledging this, the importance of conferences such as Kaspersky Labs’ Security Analyst Summit cannot be overstated. To meet the new threat landscape, actors across multiple sectors need to learn to cooperate with another and pool their resources.
This might be the “best” first step for cyber security experts in appreciation of a cyber environment bristling with new, elegant, and more advanced threats.
David Bisson | @DMBisson
Bio: David is currently a senior at Bard College, where he is studying Political Studies and writing his senior thesis on cyberwar and cross-domain escalation. He also works at the Hannah Arendt Center for Politics and Humanities at Bard College as an Outreach intern. Post-graduation, David would like to leverage his extensive journalism experience as well as his interest in computer coding and social media to pursue a career in cyber security, both its practice and policy.
