Paranoid Technology All things cybersecurity


Symantec Research Discovers a New APT

Almost 24 hours ago Symantec Security researchers published a report on a new APT dubbed Regin. The new threat is a five-stage piece of advanced malware (each stage is hidden and encrypted, with the exception of the first stage), and it appears to have been used in systematic spying campaigns against a range of international targets since at least 2008. A backdoor-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals. Read the full article here.

View the technical paper here.


Red October Cyber Espionage Ring

We thought it started with Stuxnet and/or Flame, but the Red October cyber espionage ring has been in operation for 5 years, deep undercover. It targeted most major European governments and diplomatic offices all over the world. The most interesting thing is that this may not be a state-sponsored attack, or so it seems so far. During its 5-year existence Red October downloaded hundreds of terabytes of data to its operators. Who is behind this operation is currently unclear. Kaspersky Labs uncovered this espionage ring; senior Kaspersky researcher Roel Schouwenberg told SecurityWatch:...


“Olympic Games” to include Cyber Warfare ;-)

Who knew?!! "Olympic Games" was apparently the code name for the cyber warfare program initiated under President Bush and stepped up by President Obama. According to the experts, the program caused havoc at the Iranian nuclear facilities in Natanz and set Iran's enrichment efforts back by about 18 months to 2 years. It is not clear at this time whether Iran is working on some retaliatory cyber weapon, but if not Iran, someone else will attack our infrastructure sometime soon, and the utility companies should seriously consider spending some major cash on fortifying the systems that are out in the field.

Read the article at NY Times.


On Flame Computer Virus

Have you heard about the Stuxnet sequel, Flame? It is a 20 MB modular piece of malware used for industrial espionage in the Middle East; there have also been some sightings of it in Europe. Here is a bit from Kevin Mitnick on Flame. Even though he mispronounces "nuclear", it is good to hear from him after a while!


More on Symantec’s pcAnywhere

In an earlier post, "Symantec admits being hacked in 2006", we covered the pcAnywhere source code breach. Yesterday Symantec took some solid steps to remediate the potential problems and urged its customers not to uninstall the software. In an updated pcAnywhere security whitepaper, Symantec stated:
"To limit risk from external sources, customers should host remote sessions via secure VPN tunnels, instead of using pcAnywhere Access Server.



Cridex Trojan breaks Yahoo Captcha

And it has happened: CAPTCHA has proven not to be so bot-proof after all. A Trojan named Cridex was able to crack Yahoo Mail's CAPTCHA in 6 attempts... See the video of the bot in action (courtesy of Websense Labs):