Kaspersky Labs Explains Red October: The Largest Cyber Espionage Case in History

Roel Schouwenberg
Senior Anti-Virus Researcher at Kaspersky Lab
Roel joined Kaspersky Lab in 2004 as a Senior Technology Consultant for the BNL region. Since 2008, Roel has worked as a Senior Anti-Virus Researcher in North America. He is responsible for monitoring the regional malware situation and the analysis of the threat situation.

“According to our knowledge, never before in the history of ITSec has [a] cyber-espionage operation been analyzed in such deep detail … the research that we are publishing today is perhaps the biggest malware research paper ever.” -  Kaspersky Lab, January 2013


Red October is a high-level cyber-espionage campaign that infiltrated computer networks for 5 years at diplomatic, governmental and scientific research organizations mostly in Eastern Europe, Central Asia, Western Europe and North America – including the United States.


During the past several months we’ve been analyzing the malware and have counted several hundred infections worldwide. The main purpose of the Red October operation appears to be the gathering of classified information and geopolitical intelligence, although the scope of the information gathering seems quite wide. During the past five years the attackers collected information from hundreds of high-profile victims, although it’s unknown how the information was used. The primary victims were in all sorts of organizations, ranging from embassies and governments to oil and gas, nuclear energy and research institutions.


We have observed the use of at least four different exploits for previously known vulnerabilities to gain access to information: one in MS Excel, two in MS Word and one in Java. The attackers initially gained access to networks by sending specially crafted spear phishing emails. These emails would entice the receiver to open the attached malicious document, which would then try to exploit a software vulnerability to silently install the malware.
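The initial-access chain described above (a spear-phishing email carrying an Office document or Java archive that exploits a known vulnerability) is exactly the kind of thing a mail gateway can triage before a user ever opens the attachment. The following is an added example written for this article, not code from Kaspersky Lab or from the Red October analysis. It assumes mail is available as raw RFC 822 bytes (for instance from a gateway quarantine) and identifies each attachment by its real container type (OLE2 legacy Office file, OOXML Office file, or JAR) rather than by its filename, flagging both risky document types and name/content mismatches. The sample message at the bottom is constructed for the example.

```python
"""Attachment triage for spear-phishing mail (added defensive example).

Assumption: mail arrives as raw RFC 822 bytes. The sample message built by
build_sample_message() is constructed for this example, not a real capture.
"""
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# File-format signatures of the containers the article names: legacy Office
# binary documents (OLE2 compound files) and ZIP-based containers, which cover
# both OOXML Office files and Java archives.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"

# Extensions a lure document of each container type would normally carry.
OFFICE_EXT = {".doc", ".xls", ".ppt"}
OOXML_EXT = {".docx", ".xlsx", ".pptx", ".docm", ".xlsm"}
JAVA_EXT = {".jar"}


def detect_container(data: bytes) -> str:
    """Identify the real container type from the leading bytes, not the name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return "zip-corrupt"
        if "META-INF/MANIFEST.MF" in names or any(n.endswith(".class") for n in names):
            return "jar"
        if any(n.startswith(("word/", "xl/", "ppt/")) for n in names):
            return "ooxml"
        return "zip"
    return "other"


def triage_attachment(filename: str, data: bytes) -> dict:
    """Return a verdict for one attachment, with the reasons it was flagged."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    container = detect_container(data)
    reasons = []
    if ext in OFFICE_EXT or container == "ole2":
        reasons.append("legacy-office-document")
    if ext in OOXML_EXT or container == "ooxml":
        reasons.append("office-document")
    if ext in JAVA_EXT or container == "jar":
        reasons.append("java-archive")
    # A lure whose extension hides its real type is a strong signal on its own.
    expected = {"ole2": OFFICE_EXT, "ooxml": OOXML_EXT, "jar": JAVA_EXT}.get(container)
    if expected is not None and ext not in expected:
        reasons.append("extension-mismatch")
    return {"filename": filename, "container": container,
            "reasons": reasons, "quarantine": bool(reasons)}


def triage_message(raw: bytes) -> list:
    """Triage every attachment of a raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [triage_attachment(part.get_filename() or "(unnamed)",
                              part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()]


def build_sample_message() -> bytes:
    """Construct a sample lure-style message (constructed data, not a capture)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "analyst@example.invalid"
    msg["Subject"] = "Conference agenda"
    msg.set_content("Please review the attached agenda.")
    # 1: claims to be a JPEG but is an OLE2 document (constructed header only).
    msg.add_attachment(OLE2_MAGIC + b"\x00" * 64, maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    # 2: a Java archive containing a class file (constructed stub).
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        z.writestr("Viewer.class", b"\xca\xfe\xba\xbe")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="java-archive", filename="viewer.jar")
    # 3: a harmless text attachment that should pass.
    msg.add_attachment("Minutes of the meeting.", filename="notes.txt")
    return bytes(msg)


if __name__ == "__main__":
    for verdict in triage_message(build_sample_message()):
        print(verdict)
```

The magic-byte check is what matters here: the lures in this campaign arrived as ordinary-looking documents, and a gateway that trusts the filename or the declared MIME type would wave the mismatched attachment through. In practice this triage would feed a quarantine or a sandbox rather than block outright, since legitimate Office attachments are common.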


Although we don’t know who the attackers are, we are highly confident that they’re Russian-speaking. That still doesn’t tell us anything about their whereabouts though – they could be located in Brooklyn, NY for all we know. But we do know their motivation is to steal as much information from as many devices as possible. There also seems to be a focus on political espionage more than any other type of espionage.


Red October is very well-executed, both from a creation and an operation point of view. Considering that cyber-warfare operations are highly developed attacks designed to undermine critical energy, finance, telecommunications and government network infrastructures worldwide, one of my biggest concerns, shared by many, is the security of the infrastructures that control such systems: SCADA (supervisory control and data acquisition). Since SCADA systems are accessible via conventional computer networks, they are vulnerable to hackers. Because of these concerns, Kaspersky Lab is developing a secure operating system for these systems. This type of secure unit is the first step towards effective protection against cyber-warfare.


citizentekk NOTE: Read more about SCADA systems inside this issue from Bjorn Frogner, PhD in Nuclear Engineering.


In order to thwart cyber-attacks, collaboration and information sharing of mitigation techniques and countermeasures must be cultivated on a global and local level. By integrating defensive technologies with educational training and guidance, a more secure infrastructure will be created while also driving up the cost of cybercrime by making exploitation and cyber-attacks more expensive to conduct.


Comments

  1. Other countries censor content and not just rogue regimes such as the Iranian mullocracy. Poor people! http://www.baidu.com

  2. Touche. Solid arguments. Keep up the amazing work.
