Protecting your Company from State-sponsored Spying Malware

Stuxnet, Flame and now Gauss – three cases of malware that have lead specialists at SecureList.com and Kaspersky Lab to point the finger at nations

September 7, 2012

Stuxnet, Flame and now Gauss – three cases of malware that have lead specialists at SecureList.com and Kaspersky Lab to point the finger at nations who are using these sophisticated malware as  a way of launching attacks and surveillance on specific targets.

For years, the primary source of malware and viruses has been two main groups: hackers/hacktivists and cybercriminals. Malware and attacks created from these groups of individuals are commonplace and today’s digital security software is used to dealing with new threats from these sources.

The worrying factor is the rise of a third source of malware: nation states.

Countries are sponsoring malware attacks

The nature of the malware from nation states is not fundamentally different from hacktivists or cybercriminals, but the thought that sovereign nations are adding to the malware problem is worrying, especially considering  that the complexity and functionality of the malicious program exceeded those of all other cyber menaces known to date,” says Sergey Novikov, Head of the Global Research & Analysis Team at Kaspersky Lab.

The Flame attack toolkit is designed to intercept network traffic, record audio conversations, log keystrokes and screenshots and transmit this to operators at a control point. Imagine the impact of this if it accidentally got into a company and recorded and transmitted confidential intellectual property.

“It is these kinds of spill-over casualties that concern us and we are trying to illustrate to end users and resellers the importance of a quality digital security solution” remarked Lee Milroy, CEO of Secure Lab, local distributors of Kaspersky Lab products. “While we are impressed that Kaspersky Lab played an important role in detecting and exposing these viruses, it still doesn’t take away from the risk to businesses that countries are now using malware that can attack anyone.”

Business Security Strategies Offer Increased Protection

Software solutions such as Kaspersky End Point Security 8 do offer robust protection against these kinds of complex malware attacks. However, as Mr Milroy notes, deploying this without a proper IT security framework lowers its effectiveness.

“If you look at Flame’s main ways of spreading… it’s through either the Internet, email or an infected USB storage device. If businesses implement proper security strategies through limiting storage devices or even proper email policies, they dramatically improve the effectiveness of their anti-virus solution.”

Mr Milroy also noted that proper training and education on how software such as that offered by Kaspersky Lab is also an important part of increasing protection.

“You can’t protect yourself if your technicians don’t know how to use the software. Flame has the potential to spy on your entire enterprise by accident and if your IT department hasn’t deployed your anti-virus solution properly, then you’ve got a false sense of security.”

“It’s with a combined strategy of the right software, trained operators and a proper security policy that companies can rest easy against this form of state-sponsored digital attack. And these kinds of attacks are only going to get worse.”