What are the mitigation measures against the sneaky-ware below?
Is AV or IPS more relevant in mitigating against it?
Is DDoS mitigation (using clean-pipe etc.) effective?
Super-sneaky malware found in companies worldwide
A shadowy hacking group has infected computers at companies, universities and governments worldwide with the sneakiest malware ever. The mysterious group, which researchers nicknamed "the Equation group," uses malware that's unusually quiet, complex and powerful.
The Equation group also appears to have ties to Stuxnet, the computer worm that sabotaged Iran's nuclear enrichment program in 2010 and was later revealed to be a joint U.S.-Israeli project. Malware attacked Windows computers, Macs and even iPhones.
Security researchers have documented 500 infections by the Equation Group and believe that the actual number of victims likely reaches into the tens of thousands because of a self-destruct mechanism built into the malware. They have also reportedly uncovered state-created spyware hidden in the hard drive firmware of more than a dozen of the largest manufacturer brands in the industry, including Samsung, Western Digital, Seagate, Maxtor, Toshiba and Hitachi.
These infected hard drives would have given the cyber criminals persistence on victims' computers and allowed them to set up secret data stores on the machines, which are only accessible to the malicious hackers. One of the most sophisticated features of these notorious hacking tools is the ability to infect not just the files stored on a hard drive, but also the firmware controlling the hard drive itself. The malware is hidden deep within hard drives in such a way that it is difficult to detect or remove.
The campaign infected tens of thousands of personal computers with one or more of the spying programs in more than 30 countries, with most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.
The targets included government and military institutions, telecommunication providers, banks and financial institutions, energy companies, nuclear researchers, mass media organisations, and Islamic activists among others.
Security researchers are calling the malware the "ancestor" of Stuxnet and Flame, the most sophisticated and powerful threats that were specially designed to spy on and sabotage ICS and SCADA systems.
For the original news, kindly go to: http://thehackernews.com/2015/02/hard-drive-firmware-hacking.html
· Infection of files stored on hard drive as well as firmware
· Data exfiltration
· Network mapping
· Difficult to detect and difficult to remove
· Set up secret data stores on the machines which will only be accessible to malicious hackers