‘Red October’ Attack Goes Dark After Big Reveal
A sophisticated cyber-espionage campaign has been successfully penetrating diplomatic, governmental and scientific research organizations across the globe for nearly five years, according to a new report.
Dubbed “Red October,” the malware was first discovered by security giant Kaspersky Lab in October 2012, after the lab’s researchers began investigating a series of cyber attacks against international diplomatic service agencies.
“During the past months, we’ve counted several hundreds of infections worldwide – all of them in top locations such as government networks and diplomatic institutions,” the researchers revealed last week in a report on the issue. “The infections we’ve identified are distributed mostly in Eastern Europe, but there are also reports coming from North America and Western European countries such as Switzerland or Luxembourg.”
According to the lab, Red October has been successfully stealing data from smartphones, removable disk drives, email databases from Microsoft Outlook and from local network FTP servers.
“Based on registration data of the [control-and-command] servers and numerous artifacts left in executables of the malware, we strongly believe that the attackers have Russian-speaking origins,” the researchers concluded, noting that the malware appeared to seek out classified software used by entities like the European Union and NATO.
But just as fast as news of the cyber-espionage campaign spread, Kaspersky Lab on Friday released an additional report to note that the attackers appeared to be closing up shop.
“It’s clear that the infrastructure is being shut down,” Kaspersky security specialist Costin Raiu said in a statement. “Not only [are] the registrars killing the domains and the hosting providers killing the command-and-control servers, but perhaps the attackers [are] shutting down the whole operation.”
While Raiu advised there may still be a number of servers involved that Kaspersky Labs has yet to uncover, for now, it seems the attackers behind Red October know they are being hunted.
Following are some additional cyber headlines you may have missed:
DHS losing a senior cybersecurity leader (GovInfoSecurity)
DOD to forge stronger cyber ties with European allies (Defense Systems)
NIST cybersecurity center calls for HIE pilot volunteers (GovernmentHealthIT)
American power plants shut down by cyber attack (Yahoo News)
Kenya falls victim to cyber attack (Daily Nation)
UK, NZ to work together on cybersecurity (TV New Zealand)
Facing modern cybersecurity threats in China (Asia Pacific FutureGov)
A hacker says smart grid can be penetrated (New York Times)
How M.I.T. ensnared a hacker, bucking a freewheeling culture (New York Times)
Cyberwar’s gray market (Slate)
4 steps for proactive cybersecurity (InformationWeek)
Random security predictions for 2013 (Network World)
4 ways to prepare for and fend off DDoS attacks (CIO Magazine)
Cybersecurity soon to be subject in varsities, tech colleges (The Economic Times)
This report is also available on ClearanceJobs.com at: http://www.clearancejobs.com/defense-news/1071/cybersecurity-news-round-up