State-sponsored hacking attempts frequently rely on specially written software, but that's a risky move. Unless it's well-made, custom code can be a giveaway as to who's responsible. Attackers are switching things up, however. Security researchers at CrowdStrike and Cymmetria have discovered that a likely cyberwarfare campaign against military-related targets in Europe and Israel used commercial security software to both cover its tracks and improve its features. Typically, the attacks would try to fool people into installing rogue Excel scripts through bogus email. If anyone fell for the ploy, the script installed malware that also grabbed parts of Core Security's defense assessment tool in its attempt to throw investigators off the scent. That's no mean feat -- Core has copy protection and digital watermarks to prevent the software from winding up in the wrong hands, so the perpetrators clearly went out of their way to use it.
So who's responsible? While the researchers aren't reaching any definite conclusions, they believe Iran is a possible culprit. The targets make sense given Iran's goals, and the country doesn't have as many resources for disguising its hacks as a superpower like China or the US; swiping off-the-shelf software would let it fast-track that work. Whoever's responsible, the findings suggest that less powerful nations can "cheat" if they want to fight digital wars against their neighbors.