The anatomy of a nation-state hack attack

0
970
A Chinese man faces years in jail after admitting helping hackers get at the computer systems of aviation firms such as Boeing

Cyber-security is not all about cyber-thieves. It is about cyber-spies too.

Mixed in among the spam, phishing messages and booby-trapped emails that land in your inbox might be the odd message crafted by hackers working for a government rather than a group of criminals.

Unfortunately, those messages are not odd in any other way. They look like every other net-borne threat. That is because the creators of these malicious programs usually exploit the same software vulnerabilities as mainstream malware, they can travel via the same hijacked PCs and they prey on the same human frailties that make the more typical stuff so successful.

Security companies have a hard time spotting them too, said Jordan Berry, a strategic intelligence analyst at security firm FireEye. Not least because the samples of malware cooked up by hackers backed by nation-states are small in number.

And, he said, the methods they use to infiltrate targets vary widely. Sometimes nations will dedicate a lot of time, talent and money to creating malware to work on their behalf.

That was the case with Stuxnet – a worm created to sabotage Iran’s nuclear programme. Analysis of its electronic innards show it is a precision-guided weapon that probably took months to create. Stuxnet used four separate, previously unknown software vulnerabilities and only sprang into life when it found itself on a network with a very specific configuration.

Other similarly complex threats include Flame, Gauss, Regin and PlugX.

But, said Mr Berry, not every attack employs such finely crafted malware.

“Sometimes they may not need to use the big guns,” he said. “so they use something just to get the job done.”

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here