Friday, 15 July 2016

Experts found a government malware on the Dark Web

Lorenzo Bicchierai from Motherboard reported disconcerting news: a sophisticated strain of government-made malware was found on a forum on the Dark Web. The tool was designed to target critical infrastructure; it is reconnaissance malware that could be used as the first stage of an attack against an energy grid.
The disconcerting aspect of the story is that this kind of malware is not normally available on the black market; it is the prerogative of well-funded APT groups.
Recently security experts from security firm SentinelOne spotted a malware dubbed Furtim that was involved in an attack against a European energy firm. The threat is highly sophisticated and could be used to exfiltrate data from target systems and “to potentially shut down an energy grid.”

Udi Shamir, chief security officer at SentinelOne, told Motherboard that it is very strange to find such complex malware on a hacking forum.
“It was very surprising to see such a sophisticated sample” appear in hacking forums, he explained to Motherboard.
Shamir pointed out that the Furtim malware is the result of a significant effort by state-sponsored hackers involved in cyber espionage operations.
The authors of the Furtim threat designed the malware to evade common antivirus solutions, as well as the virtualized environments and sandboxes used to analyze malicious code.

Unfortunately, critical infrastructure worldwide is still too vulnerable to cyber attack; the NIS Directive recently passed by the EU establishes minimum cyber-security requirements for critical infrastructure operators.
In the past, malware-based attacks have already targeted critical infrastructure: consider the Stuxnet virus used against the Iranian enrichment program, or the BlackEnergy malware used to target companies in the energy industry. Experts speculated that BlackEnergy was also involved in the Ukrainian power outage.
As for who is behind the Furtim malware, Shamir confirmed that it is the work of a government, likely from Eastern Europe. The only certainty is that this group has significant resources and skills.

Thursday, 14 July 2016

Chinese businessman gets nearly 4 years in US prison for hacking case

A Chinese businessman has been sentenced to nearly four years in prison for conspiring to hack the computer systems of Boeing and other US defense contractors to steal military technical data.
Su Bin, a Chinese national and the owner of a Chinese aviation technology company, was sentenced Wednesday in US District Court in Los Angeles to 46 months in prison. Bin, 51, had faced up to 30 years in prison before pleading guilty in March to a federal charge of conspiracy to unlawfully access computers in the United States. The sentence comes amid heightened tensions between the two nations over computer espionage.
Su worked with two unidentified hackers in China between 2008 and 2014, instructing them on what data to target and transmit to state-owned Chinese companies. The trio stole 65 gigabytes of sensitive information related to fighter jets such as the F-22 and the F-35, as well as Boeing's C-17 military cargo aircraft program, the Justice Department said.
"Su Bin's sentence is a just punishment for his admitted role in a conspiracy with hackers from the People's Liberation Army Air Force to illegally access and steal sensitive U.S. military information," Assistant Attorney General Carlin said in a statement. "Su assisted the Chinese military hackers in their efforts to illegally access and steal designs for cutting-edge military aircraft that are indispensable to our national defense."