Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 29 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Researchers dismiss Mask research, say it relies on historical technology

by The Gurus
June 12, 2014
in Editor's News
Share on FacebookShare on Twitter

Modern malware campaigns use classic techniques, despite claims of sophistication.
 
According to researchers at Context Information Security, there are classic virus techniques at the heart of The Mask, or Careto, espionage malware. Despite being described by Kaspersky as one of the “most advanced global cyber-espionage operations to date” and widely attributed to sophisticated, state sponsored cyber attacks, Context claimed that the malware appears to rely on technology plucked out of the history books.

Kevin O’Reilly, senior researcher at Context, said: “While hidden in the complexity of the malware, Careto/The Mask uses the well-known technique of infecting the first executable that loads when Windows boots.

“This discovery seems to suggest that old tricks are sometimes the best and also begs the question; is this a nod of respect to the virus writers who wreaked havoc in the 1990s, or have they come out of retirement to develop a new nation-state cyber-weaponry arsenal?”

When it was announced in February by Kaspersky Lab, it was said to have been active over the past seven years and targets Government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organisations and activists in more than 31 countries. An intelligence-gathering piece of malware, it collects office documents, various encryption keys, VPN configurations, SSH keys (serving as a means of identifying a user to an SSH server) and RDP files (used by the Remote Desktop Client to automatically open a connection to the reserved computer).

The Mask uses multiple vectors for attack, including at least one Adobe Flash Player exploit from 2012. Kaspersky said that what makes The Mask special is the complexity of the toolset and a customised attack against older Kaspersky products in order to hide in the system.

In defence of its research, David Emm, senior regional researcher, UK of the Kaspersky Lab Global Research & Analysis Team, told IT Security Guru that Kaspersky stands by its assessment of this malware as ‘one of the most advanced threats at the current time’, notwithstanding any ‘old school’ technique used in one aspect of the malware.

He said: “I don’t think the strategy of infecting files – or executable code loaded from a system sector – that load early in the boot process ever disappeared. The series of ‘bootkits’ we’ve seen in recent years (e.g. Sinowal) testifies to this.

“The Context comment calls to mind Eugene’s comments at the time that MiniDuke appeared– specifically relating to the inclusion of old school code reminiscent of the 29A group.”

O’Reilly also said that now that this malware campaign has been discovered, anti-virus vendors have added detection to their products, so it is no longer a real risk. “The historical attack vector was targeted phishing emails or spear phishing with infected attachments, but is unlikely that this is still happening using this specific toolset. What is unclear is whether this is a one off or a trend to watch out for.”

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Feedly face DDoS, but refuse to pay attacker's ransom demand

Next Post

Australia and USA strike closer cyber defence alliance

Recent News

Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023
Lupovis eliminates false positive security alerts for security analysts and MSSPs

Lupovis eliminates false positive security alerts for security analysts and MSSPs

January 26, 2023
Threat actors launch one malicious attack every minute

Threat actors launch one malicious attack every minute

January 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information