A group of cybercriminals believed to be Russian are exploiting a zero-day vulnerability to deliver malware and gather information from various organizations around the world.
Nation-states can now skip over costly and time-consuming R&D by stealing corporate and government data and turning that information into a competitive advantage.
The oil giant confirms that Stuxnet infected its network back in 2010, when the malware was first discovered - making Chevron the first U.S. company to admit it was struck by the virus.
Kurt Grutzmacher was planning to disclose and demo vulnerabilities in the networking products from Huawei and H3C, a subsidiary of HP.
Already famous for their sophistication, Flame and Gauss malware have yielded a new development. Dubbed MiniFlame, the component is deployed after Flame and Gauss already are installed on targeted machines.
Dell SecureWorks researchers believe recent attacks targeting oil and energy companies in various countries are connected to cyber criminals behind RSA's breach and the GhostNet espionage campaign.
Flame's cryptofunctionality silenced all the haters, says F-Secure's Mikko Hyppönen.
The Cybersecurity Act of 2012 was defeated in the Senate, FinFisher spyware analyzed, nation-state-created espionage malware Gauss, and other breaking security news
The latest evidence of cyber espionage weaponry could be a harbinger of nation-state assaults to come.
Flame, Stuxnet, breach at LinkedIn and other security news
Flame, aka Skywiper, is a sophisticated tool used to locate and steal data accessible from the infected computer. The malware uses multiple exploits to propagate and is highly configurable.
While the characteristics of the spy virus are important to note, the question is why it went undetected for so long.
Does the fact that the Flame malware stayed below the radar for so long prove that signature detection is dead?
While the investigation is just beginning into the massive espionage toolkit known as Flame, which has targeted computers, mainly in Iran, it is important to consider the consequences of this malware.
Private and public sectors must take seriously the need to share threat data to prevent cyber attacks, but a heavy-handed approach like CISPA places us at far greater risk as a country.
Much of the breach conversation over the past year has been devoted to so-called hacktivists. But nation-state adversaries, bent on looting organizations of intellectual property, are another breed entirely.
At a recent SC Magazine Roundtable, gov't security pros bemoaned the difficulty in obtaining resources. But instead of crying over spilled milk, they traded ideas for mitigating risk in a down economy.
Instead of spending billions of dollars to supply massive armies, today's adversaries hire code-writers to create attacks that run autonomously for years with little or no human intervention.