Wednesday, May 20, 2015

Russian cyber-attacks against the Swedish authorities – the Swedish newspaper Svenska Dagbladet

– It is a typical way to spread malicious code. Enticing content is used to get people to open a document that allows a system to be attacked. In the Putin case specifically, the news was used to send e-mail to the Scandinavian authorities, says Jen Weedon, threat and intelligence chief at IT security company FireEye.

Was Sweden attacked?

– The entire region was, says Weedon.

According to Weedon, the attack originated in China. An email with a Word document consisting of a news article with information about Putin’s “disappearance” was sent to selected recipients in the Nordic Foreign Service. The email also contained malicious software designed to give cyber-attackers access to government information.

The method is common. FireEye has seen, for example, that malicious software is often sent with e-mails containing information on major news events. Examples mentioned are the recent earthquake in Nepal and the disappearance of the Malaysian Airlines flight MH370.

– But in the case of Putin, it was tailor-made for the Nordic countries and the purpose was likely to get hold of information about the foreign service and diplomatic discussions. There was no mass-mailing, says Jen Weedon.



“We are happy to share what we know with the police and the authorities.”

Jens Monrad, systems analyst at FireEye

The information about the cyber-attacks appears in a new report released today by FireEye. The company follows a total of about 100 groups that engage in hacking internationally. From the Russian side, it is Nordic authorities and energy companies competing with Russian companies that are exposed to cyber-attacks.

– Energy prices are now very important for Russia; we have seen intrusions designed to get hold of inside information about product strategies, pricing and negotiating positions, says Jen Weedon.

As for Russia, one also sees connections between the intelligence groups that carry out political intelligence gathering through cyber-attacks and criminal networks that steal information from companies.

– We cannot prove that this is so. But we have seen that the groups that, for intelligence reasons, attacked NATO, Georgia and the OSCE are using infrastructure similar to that of the criminal groups that attack businesses, says Jen Weedon.

From the Chinese side, attacks against Nordic companies are directed mainly at activities related to the Arctic, for example information about energy and new shipping routes.

In general, figures from FireEye show that the median time an attacker is inside the attacked computer systems, with access to information, before being discovered is now 205 days.

Security companies are often criticized for exaggerating cyber threats to earn money. Comment?

– I will not speculate on what others do. But I’m quite confident in saying that we do not. We are happy to share what we know with the police and authorities, says Jens Monrad, systems analyst at FireEye.
