Flame Wars: Cyberespionage, Malware and Small Business
Cyberespionage has been an unpleasant fact for decades. Could the virtual tools of high-tech international espionage one day target your home business?
In May 2012, the Russia-based antivirus company Kaspersky Lab discovered a malware program it dubbed Flame. Built for attacks from a complex system of modular components, Flame primarily targets business computers and government organizations in Middle Eastern nations, most notably Iran, Hungary, Lebanon and Palestine. The geographic location of Flame-infected computers, coupled with the sophisticated nature of the malware, suggests that Flame is the work of a nation-state engaging in cyberespionage and possible cybersabotage.
A number of features within the malware code suggest that Flame's creators carefully controlled the spread of the program, but small businesses should still take note. Could similar programs lurk in your network, quietly stealing your data?
Flame enters Windows OS networks through infected USB thumb drives, shared printer spool vulnerabilities and network shares. The initial point of infection remains a mystery, although the primary suspects are spear-phishing emails targeting unknown Windows vulnerabilities.
Initial infections install only Flame's main component. The malware's controllers then add modules to that main component to customize the attack. Thus far, researchers have identified 20 separate modules.
Among other abilities, Flame can record audio conversations, take screenshots, log keyboard activity and snoop network traffic. Attackers can gather information about nearby discoverable mobile Bluetooth devices while also making infected computers Bluetooth discoverable.
Flame evaded detection by multiple antivirus programs for at least two years, and some experts suggest the program may have been in the wild since 2007. The malware's creators clearly had stealth in mind.
In addition, Flame's operators can disable the malware's ability to spread, and they built in cleanup features capable of erasing all traces of Flame from an infected computer. Most malware includes some cleanup functionality to cover evidence left during installation, but Flame can remove itself completely.
Producing a program capable of hiding as effectively as Flame requires more resources than most hackers could access. Flame is a multi-million dollar project, another sign that the malware originates with a nation-state or a state-contracted company.
Unless you deal with sensitive government information, chances are you're safe from Flame or similar cyberespionage programs. Major antivirus programs can now identify and neutralize Flame.
The real danger to small businesses lies in the lessons hackers can learn from cyberespionage in general. An increase in stealthy malware capable of covering its own tracks is possible. Such malware could revolutionize corporate espionage or identity theft. While mostly a theoretical threat at present, the possibility of widespread cyberterrorism attacks on a nation's business environment must also be considered.
An up-to-date antivirus program remains an important aspect of network security, as does a regular schedule of updating and patching operating systems and other software. While effective against known viruses, however, these precautions are less effective against as-yet undiscovered threats.
Antivirus software is primarily reactive: companies develop protection against new viruses as they emerge. That protects you against future attacks, but offers no security if you're one of the first victims of a previously unknown program.
Monitoring IT network data helps identify threats that operate under the antivirus industry's radar. Abnormal network activity may indicate a possible intrusion and should be isolated as soon as possible. Monitoring data in this way requires a proactive, intensive approach to network security, and a small business may need expert IT services to set up such a system. The extra effort could help avoid a targeted attack on vital business information.