Hervé
11th February 2017, 17:18
New Invisible 'File-Less' Cyber Malware Poses 'Unique Worldwide Threat' (https://sputniknews.com/science/201702111050581359-file-less-cyber-virus-poses-threat/)
Tech (https://sputniknews.com/science/) 18:50 11.02.2017
https://cdn3.img.sputniknews.com/images/102471/63/1024716349.jpg
© Photo: Pixabay
A new invisible type of malware, similar to what has previously been seen only in nation-sponsored cyberattacks, is infecting enterprises around the globe. This is according to the latest research made by Russian Cybersecurity Company - Kaspersky Lab. Radio Sputnik discussed the issue with Sergey Golovanov, Principal Security Researcher at the Lab.
“It is a really unique attack because it poses a worldwide threat. The trick with this file-less attack is that they do not need any executable file to run it on the computer. When you double click on it, it copies the file from the hard drive to the memory,” Golovanov said.
He further said that in this case the attackers are able to run the code directly to the memory through networks, so they don’t touch anything on the hard drive. The forensic analysis of the hard drive shows nothing. Talking about how they found this virus (http://sputniknews.com/asia/20170103/1049220903.html), Golovanov said that they had to use very hard and unique techniques to find it.
“Once we had a phone call from one of our customers, it’s a really big bank and they asked us for help because they had some suspicions. So we planned a business trip, went to the bank and started to capture memory from the big network and finally found the malware,” he said.
“When we started to extract the hard drive from the computer (http://sputniknews.com/science/20161026/1046763042.html), we found nothing. For us it was a mystery, like what the hell is going on here?” Golovanov said.
Other banks also started complaining about this issue and after a long period of decoding the team finally found the problem.
“We are still not sure how these attacks started and who the first victim of these attacks was,” the expert said.
Talking about what exactly this new malware does, Golovanov said that it extracts the passwords directly from the memory of the computer.
“Furthermore, depending on the structure of the network they can do whatever they want. If it is a big enterprise (http://sputniknews.com/science/20161130/1048024412.html) then it can extract documents, files and presentations,” the expert said.
He further spoke about how the attackers were using a technique called tunneling, which involves digging special tunnels inside the networks. Hence, whole transactions and all of the actions of the attackers were completely invisible to security measures. Looking at what the ultimate end game in this situation is, Golovanov said that one bank has already lost a huge sum of money because of this attack. The other targets of this attack were the telecom companies because the attackers need “clean computers to hide their activities.”
Talking about whether governments are at risk at the moment, the expert said that, “It is hard to tell because right now we are not able to attribute this attack to any group or any known criminal attackers. We don’t know who is behind it at the moment,” the expert concluded.
The so-called in-memory malware is primarily known for its ability to disappear after being installed on a server, making it almost impossible to detect.
Previously, hackers used it primarily to steal money from bank accounts. However, Kaspersky’s recent study shows that over 140 institutions worldwide have been infected with the invisible virus.
Related:
'I’m Afraid, Dave' - Global Havoc-Causing Mirai Malware Evolves, Adapts (https://sputniknews.com/world/201612101048387917-ios-mirai-malware-evolves/)
French Security System Thwarted Cyberattack During Socialist Primaries (https://sputniknews.com/europe/201701271050081657-socialist-primaries-cyberattacks/)
Tech (https://sputniknews.com/science/) 18:50 11.02.2017
https://cdn3.img.sputniknews.com/images/102471/63/1024716349.jpg
© Photo: Pixabay
A new invisible type of malware, similar to what has previously been seen only in nation-sponsored cyberattacks, is infecting enterprises around the globe. This is according to the latest research made by Russian Cybersecurity Company - Kaspersky Lab. Radio Sputnik discussed the issue with Sergey Golovanov, Principal Security Researcher at the Lab.
“It is a really unique attack because it poses a worldwide threat. The trick with this file-less attack is that they do not need any executable file to run it on the computer. When you double click on it, it copies the file from the hard drive to the memory,” Golovanov said.
He further said that in this case the attackers are able to run the code directly to the memory through networks, so they don’t touch anything on the hard drive. The forensic analysis of the hard drive shows nothing. Talking about how they found this virus (http://sputniknews.com/asia/20170103/1049220903.html), Golovanov said that they had to use very hard and unique techniques to find it.
“Once we had a phone call from one of our customers, it’s a really big bank and they asked us for help because they had some suspicions. So we planned a business trip, went to the bank and started to capture memory from the big network and finally found the malware,” he said.
“When we started to extract the hard drive from the computer (http://sputniknews.com/science/20161026/1046763042.html), we found nothing. For us it was a mystery, like what the hell is going on here?” Golovanov said.
Other banks also started complaining about this issue and after a long period of decoding the team finally found the problem.
“We are still not sure how these attacks started and who the first victim of these attacks was,” the expert said.
Talking about what exactly this new malware does, Golovanov said that it extracts the passwords directly from the memory of the computer.
“Furthermore, depending on the structure of the network they can do whatever they want. If it is a big enterprise (http://sputniknews.com/science/20161130/1048024412.html) then it can extract documents, files and presentations,” the expert said.
He further spoke about how the attackers were using a technique called tunneling, which involves digging special tunnels inside the networks. Hence, whole transactions and all of the actions of the attackers were completely invisible to security measures. Looking at what the ultimate end game in this situation is, Golovanov said that one bank has already lost a huge sum of money because of this attack. The other targets of this attack were the telecom companies because the attackers need “clean computers to hide their activities.”
Talking about whether governments are at risk at the moment, the expert said that, “It is hard to tell because right now we are not able to attribute this attack to any group or any known criminal attackers. We don’t know who is behind it at the moment,” the expert concluded.
The so-called in-memory malware is primarily known for its ability to disappear after being installed on a server, making it almost impossible to detect.
Previously, hackers used it primarily to steal money from bank accounts. However, Kaspersky’s recent study shows that over 140 institutions worldwide have been infected with the invisible virus.
Related:
'I’m Afraid, Dave' - Global Havoc-Causing Mirai Malware Evolves, Adapts (https://sputniknews.com/world/201612101048387917-ios-mirai-malware-evolves/)
French Security System Thwarted Cyberattack During Socialist Primaries (https://sputniknews.com/europe/201701271050081657-socialist-primaries-cyberattacks/)