
How the NSA's Firmware Hacking Works and Why It's So Unsettling

One of the most shocking parts of the recently discovered spying network Equation Group is its mysterious module designed to reprogram or reflash a computer hard drive’s firmware with malicious code. The Kaspersky researchers who uncovered this said its ability to subvert hard drive firmware—the guts of any computer—“surpasses anything else” they had ever seen. The hacking tool, believed to be a product of the NSA, is significant because subverting the firmware gives the attackers God-like control of the system in a way that is stealthy and persistent even through software updates. The module, named “nls_933w.dll”, is the first of its kind found in the wild and is used with both the EquationDrug and GrayFish spy platforms Kaspersky uncovered. It also has another capability: to create invisible storage space on the hard drive to hide data stolen from the system so the attackers can retrieve it later. Here’s what we know about the firmware-flashing module. How It Works

Dealing with CryptoLocker ransomware | NetSafe Security Central If you see this CryptoLocker image on your computer screen disconnect your computer from the internet immediately by removing your network cable or turning off the wireless connection. Also disconnect USB storage devices or network shares and turn off any cloud backup services you may use such as Dropbox or Office 365. Significant numbers of New Zealanders have been dealing with ransomware during 2013. Ransomware is a form of malicious software or ‘malware’ which demands payment to unlock your computer and can often prove difficult to clean up or remove from both PCs and Macs. CryptoLocker ransomware is the latest variant that now encrypts the files on your computer using a powerful algorithm that cannot be defeated without paying the sum asked for by the cyber criminals. If your computer is infected with CryptoLocker and you do not have a recent backup of your files your only option is to pay anywhere up to $750NZD to decrypt your data. How are users affected? Registry Indicators:

Equation: The Death Star of Malware Galaxy "Houston, we have a problem" One sunny day in 2009, Grzegorz Brzęczyszczykiewicz embarked on a flight to the burgeoning city of Houston to attend a prestigious international scientific conference. A rendezvous with the "God" of cyberespionage It is not known when the Equation group began their ascent. The #EquationAPT group is probably one of the most sophisticated cyber attack groups in the world. Since 2001, the Equation group has been busy infecting thousands, or perhaps even tens of thousands of victims throughout the world, in the following sectors: government and diplomatic institutions, telecoms, aerospace, energy, nuclear research, oil and gas, military, nanotechnology, Islamic activists and scholars, mass media, transportation, financial institutions, and companies developing encryption technologies. The #EquationAPT group interacted with other powerful groups, such as the #Stuxnet and #Flame groups. DoubleFantasy: Fanny:

Self-deleting malware targets home routers to gather information March 11, 2015 Attackers could be using VICEPASS for reconnaissance, or for future cross-site request forgery attacks. Researchers with Trend Micro have analyzed malware that first connects to home routers and scans for connected devices, and then sends the information it gathers to a command-and-control (C&C) server before deleting itself without a trace. The malware was detected by Trend Micro as TROJ_VICEPASS.A, or VICEPASS, and it has been observed infecting users that navigate to malicious websites hosting a purported Adobe Flash update, according to a Monday post by Kenney Lu, of Trend Micro. Once downloaded and executed, the malware uses a predefined list of usernames and passwords to attempt to connect to the home router, Lu wrote. “This malware appears to be used primarily for intelligence gathering,” Lu told SCMagazine.com in a Tuesday email correspondence. Lu said that the malware “will affect every device in the target network.

Malware targets gamers, holds high scores hostage A new type of malware is playing with gamers. The ransomware, described by a researcher at cybersecurity company Bromium, affects at least two dozen popular games, locking players out until they pay to open up their saved games, add-ons and scores. Ransomware has been a rising trend among cyberattackers over the last couple years. The name comes from the fact that the malware infects your computer and then takes over, requiring payment to let you back into your files. Earlier this year, readers of the Huffington Post and other sites were victims of ransomware that made its way onto their machines via infected advertisements. Bromium said on its blog that this is the first time it's seen gamers being targeted by ransomware. The infected games include Call of Duty, Minecraft, Half-Life 2, Assassin's Creed, Resident Evil 4 and Bioshock 2, as well as the online game World of Warcraft.

What are malware, viruses, spyware, and cookies, and what differentiates them? "Malware" is short for malicious software and is used as a single term to refer to viruses, spyware, worms, etc. Malware is designed to cause damage to a standalone computer or a networked PC. So wherever the term malware is used, it means a program designed to damage your computer; it may be a virus, worm or Trojan. Worms: Worms are malicious programs that make copies of themselves again and again on the local drive, network shares, etc. The only purpose of the worm is to reproduce itself again and again. Examples of worms are: W32.SillyFDC.BBY, Packed.Generic.236, W32.Troresba. Due to its replicating nature, a worm takes up a lot of space on the hard drive and consumes more CPU, which in turn makes the PC too slow; it also consumes more network bandwidth. Virus: A virus is a program written to enter your computer and damage/alter your files/data. Examples of viruses are: W32.Sfc! Example: JS.Debeski.Trojan

Hackers Breaking New Ground With Ransomware The tools and tactics being used to go after victims reveal growing sophistication, and gamers need to look out, security researchers say. The enormous success which hackers have had extracting millions of dollars from individuals and businesses using ransomware appears to be driving more sophisticated tools and tactics from them. This week researchers sounded the alert on two recent ransomware families that break ground in different ways. One of them dubbed Virlock is noteworthy because it not only locks the screen of compromised systems like other ransomware, but also infects files on the device. First noticed by security firm ESET in December, Virlock is also polymorphic, meaning the code changes every time it runs making it hard to detect using standard malware detection tools. In an alert on Friday, security firm Trend Micro described Virlock as the first ransomware that includes file infection in its routine. “What’s going on is that this is the new mainstream,” Blech says.

Malware trends and cyber security considerations for 2015 Last year was a banner one for breaches, cyber attacks and advanced malware. In addition to the high-profile incidents at Sony Pictures after Thanksgiving and Home Depot before that, enterprise CIOs and their cyber security teams also had to deal with the spread of intense distributed denial-of-service attacks and destructive threats such as CryptoLocker. Malware in 2015: Easy to create, but dangerous enough to require attention As February 2015 arrives, there are still many emerging challenges in keeping corporate networks secure. Paul Christman, vice president of Dell’s Public Sector Software division, noted as much in highlighting the trend toward the creation of “recyclable” malware in particular countries. In this context of malware and disruption on-demand, cyber security practices must evolve. We’ll look here at a few malware-related challenges to keep in mind in 2015. Bring your own device and mobile malware: Could BYOD come to an end?

Exclusive: FBI warns of 'destructive' malware in wake of Sony attack
