Security Central: WikiLeaks Releases C.I.A. Hacking Documents, Dridex Banking Trojan Receives Upgrade
In what is being called the largest leak of C.I.A documents in history, WikiLeaks on Tuesday released thousands of documents that detailed sophisticated software tools used by the Agency to hack into smartphones, computers and even Internet-connected televisions.
The documents were essentially instruction manuals outlining secret hacking tools used by the C.I.A. to break into the aforementioned devices to spy. According to The Economist, WikiLeaks posted nearly 9,000 documents and files dated 2013-2016, calling it the "first taste" of a "vault" of CIA secrets. Uh oh…
So, who's behind this large-scale release and what was the motivation? WikiLeaks claimed that the information was provided by a former American government hacker or contractor who wished to “initiate a public debate” about the security and democratic control of cyber-weapons, viruses and malware. However, according to James W. Gabberty, associate dean and professor of information systems at Pace University’s Seidenberg School of Computer Science and Information Systems, this leak will do much more than spark lively conversation and debate.
"The potential damage done to the United States – both from a military and personal safety perspective – resulting from WikiLeaks' transmittal of thousands upon thousands of program codes stolen by hacktivists puts us all in danger as now our enemies possess the greatest weapon possible to inflict harm to us: the keys to the kingdom," states Gabberty.
In essence, this does not bode well for intelligence agencies and their communities, the Trump administration and technology firms in Silicon Valley, as it only stands to further strain those already-strained relationships. The news also reopens the wounds that the intelligence community suffered after the release of National Security Agency documents by Edward Snowden back in 2013. The leaks dredge up the massive gray areas that surround espionage in the digital age.
Essentially, governments want to have their cake and eat it too. They want top-notch computer security because they want to protect themselves against being hacked, but they also value security flaws because computers and smartphones make fantastic spying tools, even with the crazy-strong encryption mechanisms in place today. Oh, the dilemma…
For now, the FBI is in the process of hunting down the leakers. The C.I.A., unfortunately, has its work cut out for it. It must now work to repair its systems and at the same time brace itself for the possibility of new releases (which WikiLeaks has threatened to do). Trust is low, tension is high… not a great mix.
In a rather explosive development, it was recently announced that the Dridex Trojan has gone nuclear. Dridex, which is one of the most destructive banking Trojans in the financial sector, recently received a pretty impressive upgrade. The version update has equipped the malware with a new advanced injection technique and evasive capabilities known as "AtomBombing."
A few weeks ago, researchers with IBM X-Force labs discovered the new version of the banking Trojan, which has been dubbed Dridex v4. The updated code features were first disclosed back in October 2016 by security firm enSilo. Apparently, the malware has already been detected targeting European banks, and is expected to be used against U.S. financial institutions over the course of the next few months.
IBM's cybercrime experts have stated that the malware is the first banking Trojan they have encountered to use AtomBombing. This is significant, IBM says, as organized cybercrime gangs using banking Trojans will be likely to adopt the same method in the future (according to an article by Infosecurity Magazine).
Dridex’s cyber thugs have also developed a huge upgrade to the malware’s configuration encryption, which includes the implementation of a modified naming algorithm, a robust persistence mechanism and a few other scary enhancements.
In an interview with Infosecurity, Luis Corrons, Technical Director of PandaLabs, states the update to the Dridex Trojan is proof that cyber-criminals continually "keep up to date with new technologies, and try to get advantages of them to make their attacks better."
"The release of a major version upgrade is a big deal for any software, and the same goes for malware," IBM added. "The significance of this upgrade is that Dridex continues to evolve in sophistication, investing in further efforts to evade security and enhance its capabilities to enable financial fraud."
Don't lose hope just yet, channel partners and resellers. According to other experts, Dridex and AtomBombing aren't necessarily game-changers. "The way the attack is performed to inject code is new, although… malware has used malware injection techniques for a long time," continues Luis Corrons. "It is just another technique to be used by malware once it is already in the victim's computer. It is easy to implement, so we'll see it in some other malware attacks; however, from my personal opinion it is not something we have to worry about."
So, something to be aware of and keep an eye on, but nothing to fret too much about.
Our final story takes a look at the ever-changing, never-dull world of cybersecurity in politics. A House panel just approved a bill designed to encourage federal agencies to adopt the cybersecurity framework developed by the National Institute of Standards and Technology (NIST). Gasp! Finally, a step in the right direction?
According to The Hill, the House Committee on Science, Space and Technology approved the bill, dubbed the NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017, for the most part along party lines, despite a few nitpicks from Democrats regarding provisions within the bill requiring the NIST to "evaluate and audit federal agencies’ adoption of the cybersecurity and technology guidelines."
Rep. Ralph Abraham (R-La.), who is the vice chair of the subcommittee on research and technology, introduced the bill earlier this week, framing its implementation as a response to recent high-profile breaches, like those that hit the Office of Personnel Management and the IRS.
The bill includes directives that instruct the NIST to develop metrics for evaluating federal agencies’ cybersecurity and submit an initial assessment and subsequent audits to Congress on the security measures implemented by federal agencies. It would also set up guidance for federal agencies to incorporate the NIST cyber framework.
"Much as the nature of cyberattacks continue to evolve to reflect the sophistication of the cyber criminals, we in the government must also be willing to evolve to protect Americans and our government," said Abraham. "That evolution starts with thinking outside the box instead of maintaining a business-as-usual approach."
It's hard to tell what the impact of the bill and its directives will be in this uncertain climate, but again, it's a huge step in the right direction. We think.
The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.