
Duqu 2.0 hackers may have cracked Kaspersky to recon research

Gregg Keizer | June 12, 2015
Eugene Kaspersky, the Russian whose namesake company acknowledged that it had been infected with top-tier malware, struggled during a press conference to explain why the hackers had targeted his firm.

And with knowledge of the vendor's internals beyond what is publicly available, hackers might be able to devise ways to steer clear of security defenses like those employed by Kaspersky's customers.

But Eugene Kaspersky dismissed the idea that the hackers' presence within his company's network -- he said it had been hidden there for at least several months -- would give them real clues about the vendor's technologies, even if they had obtained the source code, which they had not. "These technologies are quickly outdated," Kaspersky contended, saying that changes were constantly being applied.

"Maybe they were interested in some specific attacks we were working on," Kaspersky said. "Or maybe they wanted to see if we could catch them."

In a long blog post on Forbes, Kaspersky elaborated. "I can think of several reasons why someone might want to try to steal our technical data, but each one of them doesn't seem to be worth the risk" of being discovered, Kaspersky said.

Which is exactly what happened.

"Now we know how to catch a new generation of stealthy malware developed by them," Kaspersky wrote. "And the attackers are now back to the drawing board since we exposed their platform to the whole IT security industry. Moral considerations aside, that's hardly a good return on a serious investment with public money."

That latter line was a reference to Kaspersky's contention that Duqu 2.0 was created by a state-sponsored or state-run hacking crew.

Beardsley and Kaspersky agreed on one thing: Duqu 2.0 was top-of-the-line malware.

"It's very awesome for sure," said Beardsley. "It is definitely a milestone. It has a very modular framework, is able to swap out one zero-day for another, and uses new techniques for signaling and non-persistence."

Unlike most malware, Duqu 2.0 resides almost exclusively in memory, making it difficult for security software to detect it.

Which led Eugene Kaspersky to make an odd-but-effective suggestion about how to rid a network of the malware. "Technically, it's simple: Turn off the power and the system will be clean."
