pixel_dreams - Fotolia
The BlackEnergy malware tool has integrated new features that extend its reach and viability beyond basic DDoS attacks. Can you explain what these new capabilities do? Are there any new methods of defending against the threat?
Basic distributed denial-of-service attacks are easy money for a criminal, but as more tools and services pop up for DDoS on-demand for hire, the price goes down in this competitive market. DDoS attacks are also starting to be better understood by defenders, and information security teams have learned to engage with their ISP to properly respond to DDoS attacks.
To remain relevant, BlackEnergy -- which started off as a DDoS launching tool -- turned into a crimeware tool targeting Windows systems and developed new features that help maintain its reach and viability. It has since evolved into an APT and expanded into almost a complete remote access Trojan. The controller can search the file system, steal passwords, take screenshots, keylog and steal certificates. BlackEnergy malware has also developed robust plug-in and module capabilities that allow an attacker to develop custom attacks based on core functionality -- much like the Metasploit project. Most recently, the malware has been connected to multi-year attack campaigns against U.S. industrial control system networks.
Defending against the new functionality in BlackEnergy requires broader measures than just protecting against the original Windows-based malware. With new target platforms for Cisco routers and MIPS- and ARM-based systems, the defenses must cover all of these platforms, as well as Linux systems; be sure to integrate these platforms into current security controls such as secure configurations and rigorous patch management.
Defenses include basic good information security hygiene: keeping all of the software updated with the latest patches, using secure configurations, and using strong passwords and/or multifactor authentication. Defenses should also include the other security basics such as log and network monitoring.
Ask the Expert:
Perplexed about enterprise security? Send Nick Lewis your questions today. (All questions are anonymous.)
Learn more about tracking and preventing crimeware attacks
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Enterprises have many options for email security best practices, ranging from deploying email security protocols to educating end users on the ... Continue Reading
Cyberattacks often begin with a port scan attack, which attackers use to find exploitable vulnerabilities on targeted systems. Learn how they work ... Continue Reading
Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.