Russian BlackEnergy malware targeting European countries

Discussion in 'malware problems & news' started by Minimalist, Sep 24, 2014.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,054
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,024
    Location:
    The Netherlands
    OK so the conclusion is that stuff like UEFI Secure Boot, PatchGuard and Driver Signing Policy have indeed made it harder to develop stealthy kernel-mode rootkits. :thumb:

    From the article:

    "There could be several reasons behind this trend, ranging from the technical obstacles that rootkit developers now face, like Windows system driver signing requirements, UEFI Secure Boot – which will be covered by Eugene Rodionov, Aleks Matrosov and David Harley in their VB2014 presentation Bootkits: past, present & future – to the simple fact that it is difficult and expensive to develop such malware. Also, any bugs in the code have a bad habit of blue-screening the system. All the while, possibly even raising suspicion of the presence of malicious code rather than hiding it in the system."
     
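The mitigations named in the quoted passage (Secure Boot, kernel driver signing, and the HVCI enforcement that later Windows builds add on top of it) are only an obstacle to rootkit authors while they are actually switched on, and a test-signing or nointegritychecks flag left behind by a developer, or a pre-existing unsigned driver, silently removes them. The script below is an added example, not code from the thread or from the ESET article it quotes; it queries those states on a Windows host so you can confirm the coverage the article assumes. It assumes an elevated PowerShell session on Windows 8 or later; `Confirm-SecureBootUEFI` throws on legacy-BIOS machines, the `Win32_DeviceGuard` class exists only on Windows 10 and later, and the `IsSigned` column name is taken from `driverquery /si` output as it is documented. The function name `Get-RootkitMitigationState` is this example's own.

```powershell
# Added example (not from the thread or the ESET article): report the state of the
# anti-rootkit mitigations the quoted text lists. Run from an elevated prompt.

function Get-RootkitMitigationState {
    $state = [ordered]@{}

    # 1. UEFI Secure Boot: refuses unsigned or untrusted boot loaders (bootkits).
    #    Confirm-SecureBootUEFI needs admin rights and throws on legacy-BIOS hosts.
    try {
        $state.SecureBoot = Confirm-SecureBootUEFI
    } catch {
        $state.SecureBoot = 'Unavailable (legacy BIOS or not elevated)'
    }

    # 2. Boot flags that weaken kernel-mode code signing. Either flag set to Yes
    #    means unsigned drivers load, regardless of the normal signing policy.
    #    The braces must be quoted or PowerShell parses {current} as a script block.
    $bcd = bcdedit /enum '{current}' 2>$null
    $state.TestSigning       = [bool]($bcd -match '^testsigning\s+Yes')
    $state.NoIntegrityChecks = [bool]($bcd -match '^nointegritychecks\s+Yes')

    # 3. HVCI (hypervisor-protected code integrity), where the OS supports it.
    #    SecurityServicesRunning contains 2 when HVCI is enforcing driver signatures
    #    (1 is Credential Guard). Assumption: class absent means pre-Windows-10.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $state.HVCI = if ($dg) { [bool]($dg.SecurityServicesRunning -contains 2) } else { 'Unavailable' }

    # 4. Drivers currently loaded without a valid signature. driverquery /si emits
    #    DeviceName, InfName, IsSigned, Manufacturer; FALSE in IsSigned is the finding.
    $drivers = driverquery /si /fo csv | ConvertFrom-Csv
    $state.UnsignedDrivers = @($drivers |
        Where-Object { $_.IsSigned -eq 'FALSE' } |
        Select-Object -ExpandProperty DeviceName)

    [pscustomobject]$state
}

$result = Get-RootkitMitigationState
$result | Format-List

# Any of these three findings means the signing barrier the article relies on is
# not in force on this host, so an unsigned kernel-mode payload would load.
if ($result.TestSigning -or $result.NoIntegrityChecks -or $result.UnsignedDrivers.Count -gt 0) {
    Write-Warning 'Kernel code-signing is weakened on this host; investigate before relying on it against rootkits.'
}
```

Secure Boot reporting True with test signing also True is a real combination: Secure Boot only protects the boot chain, while the testsigning flag governs what the running kernel will load, so the two checks answer different questions and both need to pass.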
  4. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    http://www.theregister.co.uk/2014/10/29/blackenergy_crimeware_pwning_us_control_systems_cert_warns/
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,024
    Location:
    The Netherlands
    I hate to repeat myself, but I do not think that security tools are the problem. It's the incompetent IT security staff that's the problem. Of course securing a network with hundreds of computers is a different ball game than securing a home network, but surely they must be able to do better.

    I've read about APT attacks carried out by China on other countries, and they are not using magic to infect networks. It's the same old RATs that are being installed via zero-day exploits. So anti-exploit, sandboxing, HIPS and so on, should be able to stop this malware.

    http://en.wikipedia.org/wiki/Remote_administration_software
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,054
    http://threatpost.com/blackenergy-malware-plug-ins-leave-trail-of-destruction
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    New observations on BlackEnergy2 APT activity
    https://securelist.com/blog/research/67353/be2-custom-plugins-router-abuse-and-target-profiles/
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,054
    BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry
    http://www.welivesecurity.com/2016/...tacks-ukrainian-news-media-electric-industry/
     