Kaspersky: Duqu 2 attack marks next step to age of "cyber terrorism"

Security firm warns of state-sponsored-style cyber attacks after discovering bug in own systems

Duqu 2, a sophisticated new computer worm, marks the "next step to the age of cyber terrorism", according to Kaspersky Lab founder Eugene Kaspersky.

His company only discovered the worm after it managed to hack into Kaspersky Lab's R&D centre, the CEO admitted at a press conference in London this afternoon, at which he called the bug "very bad news for the cyber security industry".

Duqu 2 marks the return of Duqu, an infamous piece of malware the world thought had died in 2011, which burrowed backdoors into software to spy on and steal private information.

It is thought that Duqu may have been created by the same team who wrote Stuxnet, which allegedly destroyed a fifth of Iran's nuclear power plant capabilities in 2010. However, while Duqu did infect computers in Iran, it did not target the country's nuclear programme or, seemingly, any particular industry at all.

Kaspersky said that the attack is very sophisticated and on a par with what might be expected from a state-sponsored attack, but added that this does not automatically mean it was created by state actors.

"The reality is that many malware innovations were first of all used in state-sponsored attacks," he said. "The very complicated state-sponsored attacks educate the bad guys, [who are] getting more and more professional.

"Traditional crime has [also] come into cyberspace. Traditional crime employs hackers to develop attacks on SCADA in the production lines to steal products, [or on] transportation, like in Antwerp seaport, which was hacked and [the criminals] were unloading containers with cocaine from the ships to the safe area to bypass border control," Kaspersky explained.

He added: "Taking all that together ... what do we have? Cyber terrorism - attacks on critical infrastructure. I am afraid this attack is the next step to the age of cyber terrorism."

Aside from spying on Kaspersky, Duqu 2 also successfully targeted events and venues linked to the recent P5+1 negotiations between Iran, the US, UK, Germany, France, China and Russia regarding Iran's nuclear programme.

The Wall Street Journal claimed Duqu 2 is "widely believed to be used by Israeli spies", but Kaspersky admitted to IT Pro his firm had not been able to trace the worm back to its source yet.

"[This discussion] is very close to politics and we as an IT security company have to stay away from the political issues. We are here to share the technical details and information about their technologies, about their ways of infection, the complexity," he added.

Nevertheless, he said it was "a very bad indicator that these organisations were affected by the attack".

"This is bad news and it doesn't smell good," he concluded. 

Kaspersky Lab was able to detect Duqu 2 after testing a new anti-APT tool on its own infrastructure.

It discovered the attack had taken advantage of three zero-day vulnerabilities in the Windows Kernel, all of which have now been patched.

The analysis of the attack revealed that the main goal of the attackers was to spy on Kaspersky Lab technologies, its ongoing research and internal processes, but no interference with processes or systems was detected.

The company believes the Duqu 2 creators were confident their new and improved malware wouldn't be discovered.

The security firm said: "The targeting of security companies indicates that either they are very confident they won't get caught, or perhaps they don't care much if they are discovered and exposed. By targeting Kaspersky Lab, the Duqu attackers probably took a huge bet hoping they'd remain undiscovered; and lost."

Kaspersky Lab chose to reveal details of the malware today because Microsoft has now patched the vulnerabilities the malware took advantage of.
