pixel_dreams - Fotolia
The BlackEnergy malware tool has integrated new features that extend its reach and viability beyond basic DDoS attacks. Can you explain what these new capabilities do? Are there any new methods of defending against the threat?
Basic distributed denial-of-service attacks are easy money for a criminal, but as more tools and services pop up for DDoS on-demand for hire, the price goes down in this competitive market. DDoS attacks are also starting to be better understood by defenders, and information security teams have learned to engage with their ISP to properly respond to DDoS attacks.
To remain relevant, BlackEnergy -- which started off as a DDoS launching tool -- turned into a crimeware tool targeting Windows systems and developed new features that help maintain its reach and viability. It has since evolved into an APT and expanded into almost a complete remote access Trojan. The controller can search the file system, steal passwords, take screenshots, keylog and steal certificates. BlackEnergy malware has also developed robust plug-in and module capabilities that allow an attacker to develop custom attacks based on core functionality -- much like the Metasploit project. Most recently, the malware has been connected to multi-year attack campaigns against U.S. industrial control system networks.
Defending against the new functionality in BlackEnergy requires broader measures than just protecting against the original Windows-based malware. With new target platforms for Cisco routers and MIPS- and ARM-based systems, the defenses must cover all of these platforms, as well as Linux systems; be sure to integrate these platforms into current security controls such as secure configurations and rigorous patch management.
Defenses include basic good information security hygiene: keeping all of the software updated with the latest patches, using secure configurations, and using strong passwords and/or multifactor authentication. Defenses should also include the other security basics such as log and network monitoring.
Ask the Expert:
Perplexed about enterprise security? Send Nick Lewis your questions today. (All questions are anonymous.)
Learn more about tracking and preventing crimeware attacks
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading