New super sneaky malware highlights enterprise need for layered security

A new cybersecurity industry report has revealed that a group of cybercriminals is infecting government, university and enterprise computer networks with malware created for the National Security Agency. The security firm that released the report described the hacking campaign as something “that exceeds anything we have ever seen before,” noting that the malware being used is very flexible and incredibly hard to detect.

The cybercriminal organization behind the attacks has been nicknamed the Equation Group because of how unusually complex and powerful its malware is. Not only have the malicious actors managed to infect computers with this sophisticated software, but in some cases they were even able to plant spyware in the machines’ hard-drive firmware, where it persists below the operating system and remains undetected by antivirus software.

Researchers revealed that the group even appears to have a connection with Stuxnet, the computer worm responsible for sabotaging Iran’s nuclear enrichment program in 2010. Stuxnet was later revealed to be a joint project between the U.S. and Israel. Even more worrying, according to the report, is that the hackers have been using a tool known as GROK – something exclusively used by the NSA’s cyber-warfare unit. Use of GROK by the U.S. government was revealed in the classified NSA files leaked by former contractor Edward Snowden.

This malware is scary, but nothing new
While the findings of the report are alarming, this is just the latest in a string of incidents in which government-grade malware has been turned to corporate espionage. Hackers backed by China have stolen business plans from power plants, and Russian cyberspies have infected the corporate networks of oil and gas companies. However, the researchers responsible for the study don’t believe the Equation Group is backed by one particular government. There is evidence the cybercriminals have hacked into Chinese hospitals, Iranian banks and aerospace companies, Russian universities, rocket science research institutions, military facilities and even Pakistani government agencies.

The hackers used the malware to monitor keystrokes on enterprise machines and steal documents using legitimate credentials. In one particular scenario, the group programmed the malicious software to look specifically for shipping contracts and inventory price lists related to oil sales.

To defend against malicious software reaching their privileged networks, many companies have started to employ a layered security solution, so that a threat which slips past one control is still caught by another. Faronics Anti-Virus provides protection for multiple endpoints and combines a variety of strategies, such as Web filtering, firewalls, anti-rootkit and anti-spyware, to protect against cybercriminals and keep important information and systems safe.

About The Author

Kate Beckham

Kate has been lighting up the blogosphere for over 5 years, with a keen interest in social media and new malware threats. When not sitting at a café behind her Mac, you’ll usually find her scouring the racks for vintage finds or playing guitar.
