Security researchers have spent the past few days analyzing a newly identified threat that has been operating under the radar for at least two years. It is a Stuxnet-like piece of malware that researchers are calling Flame, and it has turned up primarily in the Middle East and Eastern Europe.
We caught up with Bill Morrow, CEO and executive chairman of Quarri Technologies, to get his take on the latest, potentially massive, outbreak, which started in Iran. He told us Flame is being described as the most sophisticated piece of malware seen to date.
"This piece of malware, whose purpose is to steal data, keystrokes and recorded conversations, is 20 times bigger than Stuxnet," Morrow said. "Flame appears to have been operating as early as 2010 and to have been created around the same time as Stuxnet and Duqu, providing another example that cyber war and cyber espionage are ongoing concerns for many organizations."
Who Is Targeted?
According to Symantec, the code was not likely written by a single individual but by an organized, well-funded group of people working to a clear set of directives. Certain file names associated with the threat are identical to those described in an incident involving the Iranian Oil Ministry, the firm noted.
"While our analysis is currently ongoing, the primary functionality is to obtain information and data. Initial telemetry indicates that the targets of this threat are located primarily in Eastern Europe and the Middle East," Symantec wrote in its Security Response blog.
Symantec said the industry sectors or affiliations of the targeted individuals are currently unclear; however, initial evidence indicates that the victims may not all have been targeted for the same reason. Many appear to have been targeted for their individual personal activities rather than for the company that employs them.
Avoiding the Attack
Morrow said the best way for companies to avoid sophisticated attacks such as Flame, Stuxnet and Duqu is a layered security strategy, because keyloggers, malware and cyberattacks have increased the potential for unauthorized access to endpoints and theft of the information on them. A browser security solution, he added, is imperative to a complete security strategy.
"Sophisticated malware can compromise Web sessions after the data has been decrypted, stealing login credentials as they are entered, transparently redirecting users to hostile sites and mining the session content. User names and passwords from Web sessions remain available in the authentication cache and vulnerable to leakage," Morrow said.
"Stuxnet, Duqu and Flame are great examples of the era in which we now live, where cyber war and cyber espionage are becoming more mainstream and successfully exploiting infected systems. And unfortunately, we can expect to see more of these types of threats grow in sophistication and regularity in the years to come."