command and control Archives

command and control

Must Read: How Russian Hackers Stole the Nasdaq – Businessweek

July 18, 2014 Paul Roberts

If there’s one story you should read this week, its Michael Riley’s extensive report over at Businessweek on the 2010 compromise of systems belonging to the Nasdaq stock exchange, “How Russian Hackers Stole the Nasdaq.” The incident was extensively reported at the time, but not in great depth. Obviously, the parties involved weren’t talking. And Nasdaq’s public statements about the compromise woefully downplayed its severity, as Riley’s report makes clear. Among the interesting revelations: the Nasdaq may have fallen victim to a third-party compromise – similar to the hack of Target earlier this year. In the case of Nasdaq, investigators from the FBI, NSA and (eventually) CIA found discovered that the website run by the building management company responsible for Nasdaq’s headquarters at One Liberty Plaza had been “laced with a Russian-made exploit kit known as Blackhole, infecting tenants who visited the page to pay bills or do other maintenance.” What’s clear is […]

Report: Hell is Unpatched Systems

June 2, 2014 Paul Roberts

One of the ‘subplots’ of the Internet of Things revolution concerns embedded devices. Specifically: the tendency of embedded devices to be either loosely managed or – in some cases – unmanageable. The future holds the promise of more, not fewer of these. That’s the gist of a piece I wrote for InfoWorld, and that you can read here. In short: we’re already seeing the beginning of a shift on the threat landscape. While attacks against traditional endpoints (like Windows desktops, laptops and servers) are still the norm, there are more stories each day about cyber criminal groups and malicious actors who are compromising non-standard endpoints like home wifi routers. In March, for example, the security consultancy Team Cymru identified a botnet consisting of some 300,000 compromised home routers and other in-home devices. The virus called “TheMoon” was also identified spreading between vulnerable home routers and other embedded devices. The […]

FireEye Report: Iranian Hacker Group Becoming More Sophisticated

May 14, 2014 Paul Roberts

A report from the security firm FireEye claims that hacking crews based in Iran have become more sophisticated in recent years. They are now linked to malicious software campaigns targeting western corporations and domestic actors who attempt to circumvent Internet filters put in place by the ruling regime. The report, dubbed “Operation Saffron Rose,”(PDF) was released on Tuesday. In a blog post accompanying the research, FireEye researchers say that it has identified a group of hackers it is calling the “Ajax Security Team” that appears to have emerged out of Iranian hacker forums such as Ashiyane and Shabgard. Once limited to website defacements, the Ajax team has graduated to malware-based espionage and other techniques associated with “advanced persistent threat” (APT) style actors, FireEye said. The researchers claim that the group has been observed using social engineering techniques to implant custom malware on victims’ computers. The group’s objectives seem to align with those […]