A cyberthreat group using malware tied to the Sony Pictures hack of late 2014 is attacking nuclear, defense, energy, and financial companies in what appears to be a campaign to gather information for future exploitation. In October and November alone, the malware has appeared on systems belonging to at least 87 organizations, most of them in the US, McAfee said in a report this week.
Sam Curry, Chief Security Officer at Cybereason:
“However, simply applying Occam’s Razor when a campaign is exposed is dangerous, especially when well known, older tools are in use. False flag operations abound, and it’s customary to cover tracks and use tools that are commonly attributed to others. Using RC4 for encryption or Duuzer as a Trojan is far from a smoking gun in Rising Sun as these have been around for over 3 years.
The name of the game has to be to both reduce the attack surface and exposure and engage in advanced detection. Reasons for Rising Sun range from a going-out-of-business sale use of old code to diversion or distraction attacks and from false flag operations to incriminate others to legitimate operations to catch as many assets before critical infrastructure further forts up. The bottom line is that the good old days of stale security are numbered, and the laggards need to improve the state of security now to avoid the wave of attacks that may come from attackers having trouble against their better protected, traditional targets.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.