Global cyber war: New Flame-linked malware detected

 

Image from www.securelist.com

Source: Russia Today

http://rt.com/news/mini-flame-malware-kaspersky-519/

A new cyber espionage program linked to the notorious Flame and Gauss malware has been detected by Russia's Kaspersky Lab. The anti-virus giant’s chief warns that global cyber warfare is in “full swing” and will probably escalate in 2013.

The virus, dubbed miniFlame, and also known as SPE, has already infected computers in Iran, Lebanon, France, the United States and Lithuania. It was discovered in July 2012 and is described as “a small and highly flexible malicious program designed to steal data and control infected systems during targeted cyber espionage operations,” Kaspersky Lab said in a statement posted on its website.

The malware was originally identified as an appendage of Flame – the program used for targeted cyber espionage in the Middle East and acknowledged to be part of joint US-Israeli efforts to undermine Iran’s nuclear program.

But later, Kaspersky Lab analysts discovered that miniFlame is an “interoperable tool that could be used as an independent malicious program, or concurrently as a plug-in for both the Flame and Gauss malware.”

The analysis also showed new evidence of cooperation between the creators of Flame and Gauss, as both viruses can use miniFlame for their operations.

“MiniFlame’s ability to be used as a plug-in by either Flame or Gauss clearly connects the collaboration between the development teams of both Flame and Gauss. Since the connection between Flame and Stuxnet/Duqu has already been revealed, it can be concluded that all these advanced threats come from the same 'cyber warfare' factory,” Kaspersky Lab said.

High-precision attack tool

So far just 50 to 60 cases of infection have been detected worldwide, according to Kaspersky Lab. But unlike Flame and Gauss, miniFlame in meant for installation on machines already infected by those viruses.

“MiniFlame is a high-precision attack tool. Most likely it is a targeted cyber weapon used in what can be defined as the second wave of a cyber attack,” Kaspersky's Chief Security Expert Alexander Gostev explained.

“First, Flame or Gauss are used to infect as many victims as possible to collect large quantities of information. After data is collected and reviewed, a potentially interesting victim is defined and identified, and miniFlame is installed in order to conduct more in-depth surveillance and cyber-espionage.”

The newly-discovered malware can also take screenshots of an infected computer while it is running a specific program or application in such as a web browser, Microsoft Office program, Adobe Reader, instant messenger service or FTP client.

Kaspersky Lab believes miniFlame's developers have probably created dozens of different modifications of the program. "At this time, we have only found six of these, dated 2010-2011," the firm said.

‘Cyber warfare in full swing’

Meanwhile, Kaspersky Lab’s co-founder and CEO Eugene Kaspersky warned that global cyber warfare tactics are becoming more sophisticated while also becoming more threatening. He urged governments to work together to fight cyber warfare and cyber-terrorism, Xinhua news agency reports.

Speaking at an International Telecommunication Union Telecom World conference in Dubai, the anti-virus tycoon said, "cyber warfare is in full swing and we expect it to escalate in 2013."

"The latest malicious virus attack on the world's largest oil and gas company, Saudi Aramco, last August shows how dependent we are today on the Internet and information technology in general, and how vulnerable we are," Kaspersky said.

He stopped short of blaming any particular player behind the massive cyber attacks across the Middle East, pointing out that "our job is not to identity hackers or cyber-terrorists. Our firm is like an X-ray machine, meaning we can scan and identify a problem, but we cannot say who or what is behind it."

Iran, who confirmed that it suffered an attack by Flame malware that caused severe data loss, blames the United States and Israel for unleashing the cyber attacks.

Read More

Panetta: CISPA necessary to avert “Cyber-Pearl Harbor”

US Defense Secretary Leon Panetta (AFP Photo / Thierry Charlier)

Source: Russia Today

http://rt.com/usa/news/cyber-pearl-harbor-us-238/

The US faces widespread hacking attacks that could result in a “Cyber-Pearl Harbor,” Leon Panetta said. He invoked the greatest military disaster in US history to make the case for the CISPA bill, roundly criticized for violating privacy laws.

In light of this “pre-9/11 moment,” the US should act preemptively to protect “national interests in cyberspace,” the US Secretary of Defense said.

“A Cyber-Pearl Harbor that would cause physical destruction and the loss of life, an attack that would paralyze and shock the nation and create a profound new sense of vulnerability,” Panetta said during a speech at the Intrepid Sea, Air and Space Museum in New York. He claimed that cyber-attackers had developed new technologies that could knock out entire city power grids, derail trains and contaminate water supplies.

Panetta branded China, Russia and Iran, along with extremist military groups, the greatest cyber-threats to the US.

“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” Panetta said. “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals.”

He did not elaborate on details about where or how these cyber-strikes would occur.

According to Panetta, the only way to effectively “protect the US democracy” is to pass a cybersecurity bill in Congress that enables the sharing of private information between companies and the government.

The US Senate voted against the Cyber Intelligence Sharing and Protection (CISPA) legislation amid complaints that it gravely violated personal freedoms and could be used to spy on citizens.

Despite the widespread opposition, the Obama administration said it would sign an executive order effectively forcing companies to instate new cybersecurity standards.

Mr. Panetta claimed the laws would not violate people’s rights or liberties, “but if there is a code, if there’s a worm that’s being inserted, we need to know when that’s happening,” he told the New York Times prior to his speech.
­

‘Defense alone is not enough’

“If we detect an imminent threat of attack that will cause significant physical destruction in the United States or kill American citizens, we need to have the option to take action against those who would attack us, to defend this nation when directed by the president,” Panetta said during the speech.

To this end, the US invested significant funds and research into developing techniques to pinpoint the origin of cyber-attacks, with the aim of striking preemptively in the name of “national cyber-security,” he said.

“There is no substitute for comprehensive legislation, [but] we need to move as far as we can in the meantime,” Panetta said. “We have no choice because the threat we face, as I’ve said, is already here.”

According to media reports, the US played a major part in the development of the Stuxnet and Flame viruses that attacked Iran’s nuclear program and extracted classified information.

The White House also confirmed that hackers linked to the Chinese government mounted a cyber-attack in October. The ‘spear-phishing’ attempt struck an unclassified network and failed to extract valuable data, although such attacks are “not infrequent,” officials said.

 

Read More