Strider Hackers Launch Targeted Espionage Malware Campaign

By   ISBuzz Team
Writer , Information Security Buzz | Aug 10, 2016 03:30 am PST

Security researchers have found a previously unknown hacking group, Strider, that has been carrying out cyber espionage-style attacks against selected targets in Russia, China, Sweden and Belgium. In response to this news, IT security experts from Lieberman Software and ESET commented below.

Jonathan Sander, VP of Product Strategy at Lieberman Software:

Jonathan Sander“In uncovering the Strider cyberespionage group, Symantec has found an excellent example of today’s real enemy – a skilled, professional attacker with sophistication and drive. The general public, misinformed by movies and TV, generally pictures the cyber bad guy as loners after quick money or thrills. Though some of these hoodie-wearing basement dwellers still exist, they are not the real threat.

The real threat today comes from bad guys working with organized criminals, semi-legitimate companies, and with government backing to accelerate their agenda. This makes it a lot harder to discern intentions and identify these shadowy backers to trace what ulterior motive the organization has.

Protecting yourself from these sophisticated attacks is extremely difficult. As an individual, it means being constantly vigilant as you are online. No pop up should be ignored. No request for information, passwords, or downloading something should go unexamined. You must always ask yourself if what you’re being asked to do makes sense, and, if you can’t be confident it does, then you ask the security pros on your team for advice. It may feel like pestering to you when you do it, but a good security pro will appreciate pestering now versus breaches later.

Of course, as an organization, you need to make sure that your users have access to security pros and feel there is an open door policy to ask for help. Education for users so they know how to see something off as they make their way around online is also key. The Strider group was uncovered by using behavioral techniques, and this shows that traditional defences like firewalls and antivirus, while critical, are not enough. To combat today’s attacks, you must use a layered defense that looks at behavior, tales in data from every layer of your IT infrastructure, and proactively protects sensitive information and credentials through automation.”

Mark James, Security Specialist at ESET:

mark-james“Malware has many designs, typical malware we see around is created to harvest as much information as possible targeting as many victims as it can to achieve its goal. However, it can easily be created with a specific target in mind, it’s quite capable of picking and choosing its targets to ensure it harvests the correct information and ignoring those not on its target list.

Strider currently seems to mainly include organizations and individuals that would be of interest to a nation state’s intelligence services. Its goal is to spy and retrieve information from its targets, once installed on the machine it stealthily hides in the background logging keystrokes and attempting to steal files. Because of the nature of its target this could include all manner of sensitive information that could be used for nefarious purposes.

Organisations and individuals should protect themselves by making sure a good multi-layered regular updating internet security product is installed along with an up to date operating system, a good policy should be in force to manage and update applications making sure that any redundant apps are removed if no longer required. As always education is key in keeping your staff up-to-date on the typical threats doing the rounds and how they are delivered. Network and data monitoring would be a good practice to enable organisations to spot the early indicators of this and many other stealthy infections doing the rounds.”