Kaspersky: Duqu 2 attack marks next step to age of "cyber terrorism"

Security firm warns of state-sponsored-style cyber attacks after discovering the malware in its own systems

Duqu 2, a sophisticated new computer worm, marks the "next step to the age of cyber terrorism", according to Kaspersky Lab founder Eugene Kaspersky.

His company only discovered the worm after it had infiltrated Kaspersky Lab's R&D centre, the CEO admitted at a press conference in London this afternoon, at which he called the malware "very bad news for the cyber security industry".

Duqu 2 marks the return of Duqu, an infamous piece of malware that planted backdoors in infected systems to spy on victims and steal private information, and which the world thought had died out in 2011.

It is thought that Duqu may have been created by the same team who wrote Stuxnet, which allegedly destroyed a fifth of Iran's nuclear power plant capabilities in 2010. However, while Duqu did infect computers in Iran, it did not target the country's nuclear programme or, seemingly, any particular industry at all.

Kaspersky said that the attack is very sophisticated and on a par with what might be expected from a state-sponsored attack, but added that does not automatically mean it was created by state actors.

"The reality is that many malware innovations were first of all used in state-sponsored attacks," he said. "The very complicated state-sponsored attacks educate the bad guys, [who are] getting more and more professional.

"Traditional crime has [also] come into cyberspace. Traditional crime employs hackers to develop attacks on SCADA in the production lines to steal products, [or on] transportation, like in Antwerp seaport, which was hacked and [the criminals] were unloading containers with cocaine from the ships to the safe area to bypass border control," Kaspersky explained.

He added: "Taking all that together ... what do we have? Cyber terrorism - attacks on critical infrastructure. I am afraid this attack is the next step to the age of cyber terrorism."

Aside from spying on Kaspersky, Duqu 2 also successfully targeted events and venues linked to the recent P5+1 negotiations between Iran, the US, UK, Germany, France, China and Russia regarding Iran's nuclear programme.

The Wall Street Journal claimed Duqu 2 is "widely believed to be used by Israeli spies", but Kaspersky admitted to IT Pro his firm had not been able to trace the worm back to its source yet.

"[This discussion] is very close to politics and we as an IT security company have to stay away from the political issues. We are here to share the technical details and information about their technologies, about their ways of infection, the complexity," he added.

Nevertheless, he said it was "a very bad indicator that these organisations were affected by the attack".

"This is bad news and it doesn't smell good," he concluded.

Kaspersky Lab was able to detect Duqu 2 after testing a new anti-APT tool on its own infrastructure.

It discovered the attack had taken advantage of three zero-day vulnerabilities in the Windows Kernel, all of which have now been patched.

The analysis of the attack revealed that the main goal of the attackers was to spy on Kaspersky Lab technologies, its ongoing research and internal processes, but no interference with processes or systems was detected.

The company believes the Duqu 2 creators were confident their new and improved malware wouldn't be discovered.

The security firm said: "The targeting of security companies indicates that either they are very confident they won't get caught, or perhaps they don't care much if they are discovered and exposed. By targeting Kaspersky Lab, the Duqu attackers probably took a huge bet hoping they'd remain undiscovered; and lost."

It chose to reveal details of the malware today because Microsoft has now patched the vulnerabilities it took advantage of.
