Kaspersky Lab Reveals a Look Inside Cyber-Espionage
By Dan Heilman / NewsFactor Network
Published: August 7, 2014



Where do cyberattacks come from, and what is their methodology? New research from Kaspersky Lab sheds light on those common questions, using a cyber-espionage operation as an example. Researchers at Kaspersky say they've kept tabs on an operation that was able to find its way into two spy agencies and hundreds of government and military targets in Europe and the Middle East over the past eight months.

The espionage operation, Epic Turla, is one of the most sophisticated ongoing cyber-espionage campaigns. The "Epic" project portion of Turla has been used since at least 2012, when it was first discovered, with the highest volume of activity observed in January-February 2014, according to Kaspersky.

Kaspersky Lab, based in Moscow, issued a report Thursday on Epic Turla at the Black Hat security conference in Las Vegas. Symantec Corp., the biggest U.S. security software maker, also planned to issue a report on Epic Turla at the conference.

Spyware Building Blocks

According to the cybersecurity researchers, the malware components of Turla are used in stages, and break down this way:

  • Epic Turla/Tavdig: An early-stage infection mechanism.
  • Cobra Carbon system/Pfinet (plus others): Intermediary upgrades and communication plug-ins, used to determine whether the target computer has information worth gathering.
  • Snake/Uroburos: High-grade malware platform that includes a rootkit and virtual file systems.

Most of Epic's targets are embassies, military, research and education organizations, pharmaceutical companies, and government entities. The latter category includes intelligence agencies along with ministries of interior, trade and commerce, and foreign/external affairs.

A majority of Epic's victims are in the Middle East and Europe. But Kaspersky also observed victims in other regions, including the United States. Kaspersky's experts counted hundreds of victim IP addresses in more than 45 countries, with France having the greatest number.

Breaches Discovered 'Almost Every Day'

We reached out to Kurt Baumgartner, principal security researcher at Kaspersky Lab, and asked him how well prepared U.S. organizations and agencies are for Epic Turla, considering that most of the attacks have been in other countries.

"It depends on the organization," Baumgartner told us. "We see stories almost every day about one breach or another. Some know very well not only what resources are on their network, but patch them well by monitoring traffic closely, etc."

How do the people behind Epic Turla go about their attacks? Mostly via zero-day exploits, social engineering (such as e-mail phishing) and "watering hole" techniques, in which attackers compromise a popular Web site by inserting an exploit that infects site visitors with malware.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.