Thursday, June 11, 2015

computers and networks (in)security

Kaspersky Lab cybersecurity firm is hacked - BBC News
"One of the leading anti-virus software providers has revealed that its own systems were recently compromised by hackers...
Kaspersky Lab said that it had detected the breach in the "early spring", and described it as "one of the most sophisticated campaigns ever seen".

The malware does not write any files to disk, but instead resides in affected computers' memory, making it relatively hard to detect.
Kaspersky linked the attack to the unidentified creators of an earlier Trojan named Duqu, which made headlines in 2011 after being used in attacks on Iran, India, France and Ukraine.

As before, the hackers are said to have exploited Microsoft software to achieve their goal.
Last time they made use of a flaw in Word.
This time, Kaspersky said, the malware was spread using Microsoft Software Installer files, which are commonly used by IT staff to install programs on remote computers.

"This highly sophisticated attack used up to three zero-day [previously unknown] exploits, which is very impressive..."