Kaspersky: Duqu 2 attack marks next step to age of "cyber terrorism"
Security firm warns of state-sponsored-style cyber attacks after discovering bug in own systems
Duqu 2, a sophisticated new computer worm, marks the "next step to the age of cyber terrorism", according to Kaspersky Lab founder Eugene Kaspersky.
His company only discovered the worm after it managed to hack into Kaspersky Lab's R&D centre, the CEO admitted at a press conference in London this afternoon, at which he called the bug "very bad news for the cyber security industry".
Duqu 2 marks the return of Duqu, an infamous piece of malware the world thought had died in 2011, which burrowed backdoors into software to spy on and steal private information.
It is thought that Duqu may have been created by the same team who wrote Stuxnet, which allegedly destroyed a fifth of Iran's nuclear power plant capabilities in 2010. However, while Duqu did infect computers in Iran, it did not target the country's nuclear programme or, seemingly, any particular industry at all.
Kaspersky said that the attack is very sophisticated and on a par with what might be expected from a state-sponsored attack, but added that does not automatically mean it was created by state actors.
"The reality is that many malware innovations were first of all used in state-sponsored attacks," he said. "The very complicated state-sponsored attacks educate the bad guys, [who are] getting more and more professional.
"Traditional crime has [also] come into cyberspace. Traditional crime employs hackers to develop attacks on SCADA in the production lines to steal products, [or on] transportation, like in Antwerp seaport, which was hacked and [the criminals] were unloading containers with cocaine from the ships to the safe area to bypass border control," Kaspersky explained.
He added: "Taking all that together ... what do we have? Cyber terrorism - attacks on critical infrastructure. I am afraid this attack is the next step to the age of cyber terrorism."
Aside from spying on Kaspersky, Duqu 2 also successfully targeted events and venues linked to the recent P5+1 negotiations between Iran, the US, UK, Germany, France, China and Russia regarding Iran's nuclear programme.
The Wall Street Journal claimed Duqu 2 is "widely believed to be used by Israeli spies", but Kaspersky admitted to IT Pro his firm had not been able to trace the worm back to its source yet.
"[This discussion] is very close to politics and we as an IT security company have to stay away from the political issues. We are here to share the technical details and information about their technologies, about their ways of infection, the complexity," he added.
Nevertheless, he said it was "a very bad indicator that these organisations were affected by the attack".
"This is bad news and it doesn't smell good," he concluded.
Kaspersky Lab was able to detect Duqu 2 after testing a new anti-APT tool on its own infrastructure.
It discovered the attack had taken advantage of three zero-day vulnerabilities in the Windows Kernel, all of which have now been patched.
The analysis of the attack revealed that the main goal of the attackers was to spy on Kaspersky Lab technologies, its ongoing research and internal processes, but no interference with processes or systems was detected.
The company believes the Duqu 2 creators were confident their new and improved malware wouldn't be discovered.
The security firm said: "The targeting of security companies indicates that either they are very confident they won't get caught, or perhaps they don't care much if they are discovered and exposed. By targeting Kaspersky Lab, the Duqu attackers probably took a huge bet hoping they'd remain undiscovered; and lost."
It chose to reveal details of the malware today because Microsoft has now patched the vulnerabilities the malware took advantage of.