Manila – IT security news  

Yes, the main news is all about the WannaCry global ransomware attack that kicked off on 12 May 2017, encrypting users' files until they paid a fee.

Other recent news emanated from the technology sector in Manila: a local software firm had unearthed the existence of a group of cyber criminals. These unsavoury individuals have been conducting espionage via a particularly virulent strain of malicious software. So far this has spread to an estimated 31 countries, with every indication that this tally is set to increase.

The malware has been given the name ‘careto’, this being the Spanish name for ‘mask’. The relatively innocuous-sounding component is actually reckoned to be one of the most advanced of its kind, and computer network managers throughout the world have every good reason to be treating the potential threat from this latest online baddie with the utmost attention.

According to one expert, a spokesman from Kaspersky Labs, who was summarizing a report published on its own computer security website: ‘the mask is one of the most advanced threats at the current time. This and several other factors make us believe this could be a state-sponsored operation. We observed a high degree of professionalism in the operational procedures of the group behind this attack, including monitoring of their infrastructure, shutdown of the operation, avoiding curious eyes through access rules, using wiping instead of deletion for log files, etcetera. This level of operational security is not normal for cybercriminal groups’.

Exactly who is behind the mask software remains open to speculation. But the list of intended targets is both extensive and diverse. Over 1,000 IP addresses have been infected to date, with that number growing regularly. By far the most infected country has been Morocco with 380-plus instances, or over one-third of the total mask attacks. Other countries that have suffered similarly have been Brazil with 173 infections, the UK with 109, Spain with 61, France with 52, Switzerland with 33, Libya with 26, and the USA with 22. The affected IP addresses include websites relating to government institutions, foreign embassies and diplomatic offices, energy companies, research institutions and private equity firms.

Kaspersky went on to underline exactly how dangerous this type of viral infection could be for the respective network infrastructures. ‘For the victims, an infection with careto is disastrous. The malware intercepts all the communication channels and collects the most vital information from the infected system. Detection is extremely difficult because of stealth rootkit capabilities. In addition to built-in functionalities, the operators of careto can upload additional modules which can perform any malicious task. Given the nature of the known victims, the impact is potentially very high’.

The mask has been out there since at least 2007, and could well have infected Windows, Apple, Linux and Android operating systems. This also includes the likelihood of having spread to mobile devices.

Given the increasingly complex nature of malware attacks, it goes without saying that computer security organizations must work doubly hard at keeping one step ahead. As has happened on numerous previous occasions, the lure of the substantial remuneration available from Apple or Microsoft might inspire many of these villains to jump ship and become ex-hackers working for the other side.

 
