News briefs: Kaspersky Lab discusses APT group, Axiom linked cyberattack against Anthem
Threat intelligence firm ThreatConnect uncovered connections between a Chinese cyberespionage group, called Axiom, and the cyber attack against health insurer Anthem.
» Kaspersky Lab uncovered what it believes to be the most advanced threat actor its research team has ever seen. According to researchers, the “Equation” group targeted governments, militaries and financial institutions in more than 30 countries around the globe, including the U.S., and the gang's data-retrieval activities may date back to 1996. Early reports suggested that the Equation group and the NSA were closely linked, if not one and the same, and Kaspersky noted that the gang's most impressive malicious technique was infecting hard drive firmware.
» Researchers disclosed a new SSL/TLS vulnerability, dubbed “FREAK,” which enables attackers to intercept HTTPS connections between vulnerable clients and servers, forcing the use of “export-grade” cryptography that can be decrypted far more easily. In early March, analysts shared that vulnerable clients include “many Google and Apple devices” that use unpatched OpenSSL, as well as a “large number” of embedded systems and other software products using TLS “behind the scenes without disabling the vulnerable cryptographic suites.”
» An Arlington, Va.-based security firm uncovered connections between a Chinese cyberespionage group, called Axiom, and the cyber attack against health insurer Anthem. The Anthem breach, which surfaced in early February, exposed the personal information of 78.8 million consumers, including Anthem and Blue Cross Blue Shield (BCBS) members. Threat intelligence firm ThreatConnect found that malware used in a 2013 attack against BCBS was signed with the same digital signature used to spread other Chinese APT malware. Suspicious domains that appeared to mimic Anthem's infrastructure were also linked to the distribution of a backdoor program used by the APT attackers, ThreatConnect found.
» A hacker group stole as much as $1 billion from 100 banks in 30 countries by distributing a remote backdoor via spear phishing emails targeting bank employees, Kaspersky Lab revealed in February. The group, called Carbanak, is believed to be the same gang that breached Staples last fall. Based on its own research together with information from law enforcement agencies, including INTERPOL and Europol, Kaspersky Lab said that losses ran up to $10 million per bank. Rather than aiming their attacks at accounts belonging to customers, the miscreants went after central sources, such as e-payment systems and banks, primarily in Russia but also in the U.S., Germany and China.
» Computer maker Lenovo came under fire for shipping adware-laden laptops to consumers. Further, data security experts with knowledge of the pre-installed adware, called Superfish, revealed that the software leaves users vulnerable to man-in-the-middle (MitM) attacks that break HTTPS security. After facing backlash in February, Lenovo apologized for the security blunder and told customers that it had stopped preloading the adware on its laptops. The incident prompted the Electronic Frontier Foundation (EFF) to publish a how-to on uninstalling Superfish and removing its certificate, since the adware installs its own root CA certificate on Windows systems.
» Erratum: In last month's Two Minutes On column, we reported that, according to Gartner, IT security spending would reach the $76.9 million mark in 2015. That figure should, of course, be $76.9 billion.