<<

SC Magazine UK, July-August 2015, www.scmagazineuk.com

Also in this issue:
A CRITICAL THREAT. What's wrong with CBEST? The industry grapples with how to ensure critical infrastructure deploys first-rate best practice. P19
Women in security. Changes are afoot, while the reasons for the lack of women in IT security remain a topic of debate.
Attacks on critical national infrastructure are a growing concern as SCADA systems become internet enabled, set to present even more of a problem. P21

2 MINUTES ON...

Duqu 2.0: a massive advance
As APT sophistication grows we're all at risk – even security vendors

The news last month (June) that Kaspersky Lab, one of the leading international cyber-security companies, was hit by a "next-generation" malware attack is an indication of both how far we have come in cyber-warfare and how much further we still have to go.

Eugene Kaspersky, founder of Kaspersky Lab, is certain that the software used in the attack represents version 2.0 of Duqu. According to Kaspersky Lab's analysis of Duqu 2.0, it is highly sophisticated and shows all the signs of having been crafted by someone with the resources of a nation-state behind them.

Duqu 1.0 is a malware discovered in 2011 by the Budapest University of Technology and Economics in Hungary. Thought to be related to the worm, it got its name from the prefix "~DQ" it gave to the names of files it created.

As Eugene Kaspersky has been at pains to explain, Duqu 2.0 is a massive advance on Duqu 1.0, exploiting three zero-day vulnerabilities, spreading through the system using MSI files, not creating or modifying any disk files or system settings and existing almost totally in memory.

Other cyber-security experts are in agreement about its sophistication. "After reviewing the technical analysis from Kaspersky, it's safe to say that Duqu 2.0 represents both the state of the art and the minimum bar for cyber-operations," Tod Beardsley, engineering manager at Rapid7, told SC Magazine UK.

Such was its stealthiness, Kaspersky believes the attackers were confident that they would not be discovered.

So this was a super-sophisticated zero-day attack, but the method of entry into the network was distinctly old-school – an email attachment – which was sent to one of the company's sales representatives, purportedly from a customer or trusted supplier.

Kaspersky blames modern operating systems and their distinctly archaic security. "Unfortunately modern operating systems were designed in a way, based on ideas and architecture of 40 to 50 years ago, and they are not immune to this kind of attack," Kaspersky told SC during a live video interview.

If there's one part of this attack that Eugene Kaspersky is downplaying, it's the value of the information that the attackers managed to get from his network. Although the attackers were in the network for months, exfiltrating data about Kaspersky Lab research and processes, he insists that anti-malware software is evolving so quickly that the value of the information to the hackers is decaying rapidly.

Industry experts aren't so sure. By its nature, Duqu 2.0 operated in memory, possibly in a way that ensured nothing was written to the system, so that when the system was rebooted it would be almost impossible to detect. This leads some to think that it's impossible to know what information was compromised.

So what are the likely long-term ramifications of this attack on the industry and Kaspersky Lab?

Gautam Aggarwal of Bay Dynamics is one expert who believes we haven't seen the end of this story. He says there are similarities to what happened to RSA in 2011, in which over 100,000 OTP authentication tokens were stolen. Weeks later Lockheed Martin was attacked by someone using legitimate usernames and OTP tokens, enabling them to steal secret blueprints.

Aggarwal speculates that the Kaspersky attackers could be looking for vulnerabilities in the Kaspersky secure OS to be able to launch attacks on client sites.

As damaging as it might be to admit to being hacked in this way, Kaspersky Lab has clearly decided to own this story by releasing it on its own terms. Kaspersky said the company has shared the information with its technology partners, law enforcement agencies and customers. It has won plaudits for being open, with a company official telling SC that this is proof of the company's commitment to transparency.

Discovering this vulnerability is also a success story of sorts. Although Duqu 2.0 remained undetected for months, it was discovered while the company was testing a new APT detection tool on its own servers, a fact that Eugene Kaspersky was more than happy to share.

As SC went to press, further concerns arose as it seems Duqu 2.0 successfully hid behind a legitimate digital certificate stolen from Foxconn, potentially undermining certificate credibility.

Pull quote: "The industry will be alarmed that a company with Kaspersky Lab's expertise found itself invaded in this way."

Photo caption: Eugene Kaspersky's company attacked by Duqu 2.0.

Sidebar: 2014 BREACH HIGHLIGHTS

Businesses large & small - Your chance of attack
42.8m detected attacks in 2014.
48% increase in incidents since 2013.
91% increase in targeted attacks.
40% of the largest breaches took place.
37% due to insider threats.
90% could have been prevented.

Share of attacks and risk of being targeted, by company size (2012 / 2013):
Large Enterprises (>2,501 employees): 50% / 39%; risk of being targeted 1 in 2.3
Medium Businesses (251-2,500 employees): 19% / 31%
Small Businesses (1-250 employees): 31% / 30%; risk of being targeted 1 in 5.2

What attacker presents the greatest cyber threat to your organisation?
Malicious insider 37%; Criminal syndicates 28%; State sponsored attacker 19%; Hacktivists 18%; Lone worker 2%; Other 1%.

229: average number of days threats sit on the network before being detected.
Longest presence: 2,287 days.
Source: www.cyberseer.net
