Duqu 2.0 : Kaspersky Lab investigates hacker attack on its own network

Duqu is back. The Russian computer security company Kaspersky revealed that it had detected in its own internal networks a program similar to the Duqu malware found in 2011. This new malware, dubbed "Duqu 2.0", is considered the "most advanced in its category" by the anti-virus vendor. While Kaspersky is careful not to name a culprit, it believes that only a nation state is able to design such software, which it estimates cost around $50 million to develop.

Attack’s discovery…

According to Kaspersky, the people behind Duqu 2.0 were fully confident it would be impossible to expose their clandestine activity; nevertheless, Kaspersky did manage to detect it, using the alpha version of its Anti-APT solution, designed to tackle even the most sophisticated targeted attacks. The thinking behind Duqu 2.0 is a generation ahead of anything Kaspersky had seen earlier: it uses a number of tricks that make it really difficult to detect and neutralize. Kaspersky's customers have nothing to fear from a security point of view, because the attack caused no incident affecting Kaspersky products or services.

Purpose of Attack …

The attackers were interested in learning about Kaspersky's technologies.

The attackers also wanted to find out about Kaspersky's ongoing investigations and learn about its detection methods and analysis capabilities. Since Kaspersky is well known for successfully fighting sophisticated threats, they sought this information to try to stay under its radar. According to Kaspersky, the attackers have now lost a very expensive, technologically advanced framework they had been developing for years.

Who is behind the Attack ??? …

Kaspersky has found that the group behind Duqu 2.0 also spied on several prominent targets, including participants in the international negotiations on Iran's nuclear program and in the 70th anniversary event of the liberation of Auschwitz. It is confident that the reach of this attack is much wider and has included more top-ranking targets from various countries. The upside is that Kaspersky will use this attack to improve its defensive technologies. Eugene Kaspersky confirms that the company's malware databases have not been affected and that the attackers had no access to Kaspersky customers' data.

Kaspersky does not attribute attacks; it says it is a company of security experts and does not get involved in politics. However, it considers governments attacking IT security companies to be simply outrageous: governments and companies are supposed to be on the same side as responsible actors, sharing the common goal of a safe and secure cyberworld. If various murky groups, often government-linked, treat the Internet as a Wild West with no rules and run amok with impunity, it will put the sustainable global progress of information technologies at serious risk. Kaspersky once again calls on all responsible governments to come together and agree on such rules, and to fight against cybercrime and malware rather than sponsor and promote it.

Several clues point to Israel…

Although Israel denies its involvement, several indicators suggest that it took part in the design of Duqu 2.0. First, the original version of Duqu, dating from 2011, is itself a derivative of Stuxnet. Stuxnet was developed by the United States in cooperation with Israel to attack Iran's nuclear program, in particular its centrifuges, in an effort to slow the efforts of Tehran, suspected of wanting to develop nuclear weapons.

In March, US officials claimed that Israel had spied on the 2014 talks between the P5+1 and Iran, according to the Wall Street Journal. Israel has denied spying on the negotiations over the Iranian nuclear issue: "International news about Israel's involvement in this affair are baseless," Israel said. Austria and Switzerland, for their part, had already started investigations before Kaspersky's public revelations.


Why Duqu 2.0? It exploits three zero-day vulnerabilities…

Duqu is a sophisticated malware platform discovered by CrySyS Lab and investigated by Kaspersky Lab in 2011. Its main purpose was to act as a backdoor into the system and facilitate the theft of private information. In 2011 Duqu was detected in Hungary, Austria, Indonesia, the UK, Sudan and Iran. There are clues that Duqu was used to spy on the Iranian nuclear program and also to compromise certificate authorities in order to hijack digital certificates. These certificates were then used to sign malicious files so that they would pass the checks of security solutions that trust signed code.

Both discreet and versatile, Duqu 2.0 is composed of numerous modules, which enable it to collect a variety of information. It can, for example, operate the microphones in hotel lifts that have them. The malware exploits no fewer than three zero-day vulnerabilities, that is, flaws unknown to the vendor and for which no patch exists, in this case in the Microsoft Windows operating system.

Source: Kaspersky Lab

U.S. Blames China for Massive Hack Attack

Four million U.S. government workers were hit by a cyber breach. The information was revealed on Friday, June 5, by Washington. According to cybersecurity experts advising the U.S. government, this vast cyber-attack against the federal government appears designed to build a large database of personnel information, possibly in preparation for future attacks by China against the U.S.

The breach was initially thought to have affected the Office of Personnel Management and the Department of Interior, but government officials said hackers hit nearly every federal government agency. An assessment continues, and it is possible millions more government employees may be affected. The stolen information included Social Security numbers and performance evaluations.

Historically …

The "cyber-intrusion" was detected in April, but according to information the Washington Post obtained from officials who requested anonymity, the operation had begun in December, just as the personnel management office was putting new security procedures in place.

Failure to update software behind federal data breach…

The cybersecurity experts added that some government agencies had not been following the government's own best practices for cybersecurity, such as keeping operating systems updated with the latest protections.

Security researchers have pointed to a cyber tool, or family of malicious software, called Derusbi that has been linked exclusively to Chinese actors.

Chinese Cyber espionage…

According to analysts and experts, other Chinese entities, including the military, may also be involved in the campaign. Chinese government hackers "are like a vacuum cleaner" in sucking up information electronically: "They're becoming much more sophisticated in tying it all together. And they're trying to harm us."

China dismissed the allegation of hacking as "irresponsible and unscientific." Chinese Foreign Ministry spokesman Hong Lei said Beijing wanted to cooperate with other nations to build a peaceful and secure cyberspace: "We wish the United States would not be full of suspicions, catching wind and shadows, but rather have a larger measure of trust and cooperation."

The big-data approach being taken by the Chinese might seem to mirror techniques used abroad by the NSA, which has come under scrutiny for its data-gathering practices under executive authority. But in China, the authorities do not tolerate public debate over the proper limits of large-scale spying in the digital age.

EINSTEIN Detection System…

Employees of the legislative and judicial branches and uniformed military personnel were not affected.

The federal personnel office learned of the data breach after it began to toughen its cybersecurity defenses. When it discovered malicious activity, authorities used a detection system called EINSTEIN to unearth the information breach in April, the Department of Homeland Security said. A month later, the agency learned that sensitive data had been compromised. The FBI is investigating what led to the breach.

Source: CNN, Washington Post