ISPs In Turkey, Syria, Egypt Installing Mining, Surveillance Malware

By   ISBuzz Team
Writer , Information Security Buzz | Mar 16, 2018 10:30 am PST

It has been reported that researchers at The Citizen Lab have revealed the apparent use of Sandvine/Procera Networks Deep Packet Inspection (DPI) devices to deliver nation-state malware in Turkey and indirectly into Syria, and to covertly raise money through affiliate ads and cryptocurrency mining in Egypt.

Deep packet inspection (DPI) middleboxes on Türk Telekom’s network were being used to redirect hundreds of users in Turkey and Syria to nation-state spyware when those users attempted to download certain legitimate Windows applications. Similar middleboxes at a Telecom Egypt demarcation point were apparently being used to hijack Egyptian Internet users’ unencrypted web connections en masse, and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts. Evgeny Chereshnev, CEO at Biolink.Tech commented below.

Evgeny Chereshnev, CEO at Biolink.Tech:

“All governments make attempts to spy on everybody – both foreign targets and its own citizens. It’s an essential part of geopolitics and in most cases is simply routine military activity in the 21 century – constant gathering of intel. Thanks to Edward Snowden, today we know that mass surveillance and cyber weapons are not something that is being used uniquely by despotic regimes – most countries are doing it or considering it. But when it comes to malware, that has specific goals such as redirecting users to profit generating links or converting their machines into cryptocurrency mining zombies. In most cases those are not state-sponsored.

I believe Sherlock Holmes used to say – “If you want to find the true criminal – look for the motives”. The result of malware activity is clear – to generate cash. State-sponsored malware is very rarely used for such purposes – when the big guns are being fired, they usually pursue big geopolitical goals – to compromise enemies’ infrastructure, inflict real damage (we’ve all seen it with Iran nuclear centrifuges damaged by Stuxnet code) etc. Purely financial motivation usually means that professional hackers are behind it. Today those rarely work alone – they are well organised groups, hitting their financial MBO’s.

Hackers find the most unprotected spots and attack it with malware, converting legitimate computers into their distance controlled puppets. Basically, for them, distribution of malware that converts people’s computers to crypto mining and similar highly marginal activities is an easy way to make money. In order to protect yourself from such hacking groups and their actions, there are some steps you could take:

1) Never open links from people you don’t know, and double check with people you know who share links with you to be sure they are in fact shared by them, and not by a virus.

2) Install top antivirus software – any product from top 3 reviews is good. Cybersecurity researchers, backed up by top AI-techniques, usually detect most malware fairly quickly and effectively.

3) Use a VPN in public hotspots – this would protect you from hackers trying to see through your traffic, phishing for your credentials, credit card information and potential vulnerabilities they could use to infect your machine with malware.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x