A computer virus more powerful than the infamous Stuxnet has been discovered in Iran, fuelling fears that we are moving closer to an ‘age of cyber warfare’ where the corporate world is as at risk as governments.
The worm, known as Flame, was discovered by cyber security firm Kaspersky Lab. Alexander Gostev, expert at the firm, called it “one of the most complex threats ever discovered” and many believe that the Trojan could redefine cyber espionage and cyber warfare.
The sophistication of the malware has led to speculation that it was engineered by a nation-state. The virus is not designed for financial gain, and it is a different style of tool from the simple techniques used by hacktivists, so it is even less likely to have been created by everyday cybercriminals.
The complexity and power of the malware are an omen of the escalating cyber warfare and espionage threat. Marco Obiso, cyber security coordinator for the UN’s International Telecommunications Union, described the alert issued by the union as “the most serious warning we have ever put out.”
Obiso told Reuters that the confidential warning issued to the UN member states will describe Flame as a “dangerous espionage tool that could potentially be used to target critical infrastructure” and described Flame as “much more serious than Stuxnet”.
Flame, named after one of its key modules, is a toolkit of many different cyber attack and espionage features. It has worm capabilities, replicating itself on networks and removable devices; it can inspect network traffic and take screenshots when applications of interest – like instant messaging apps – are running; and it can record audio conversations from an infected device’s microphone and siphon documents. Plug-ins can add even further functionality at the attackers’ demand.
Flame consists of many different plug-ins – up to 20, each with a specific role – so one infection might have a set of seven plug-ins, while another might have 12. This means that attacks can be tailored depending upon the kind of information that is sought from the victim and how long the system has been infected with Flame – making it a valuable cyber espionage tool.
The malware’s ability to alter itself according to the victim reflects how cyber warfare and espionage between nation states are fast becoming stealthier and increasingly efficient. As cyber warfare is a ‘bloodless war’ that can still inflict mass damage, it is increasingly seen as a more appealing option for governments.
A notable point is the potential impact on the commercial world. As governments invest more and more in preventative measures for cyber attacks and the cyber weapons themselves, there is undoubtedly going to be information leaked into the corporate world. Although morally questionable (to say the least), I wonder whether – as the reliance on, and value of, business data increases – we will see cyber-espionage tools of this calibre transfer into the corporate realm in years, or months, to come.
The constantly evolving complexity and strength of malware, and discoveries like Flame, are constant reminders of the need for cyber security strategies to be implemented and continually updated.
The more information emerges about the malware, the more complex it seems, with some sources suggesting that it will take up to years to dissect.
Do you see Flame as a sign of things to come or is it over-hyped by the media?