An article in pcworld.com this week entitled “Destroying your hard drive is the only way to stop this super-advanced malware” caught my attention. And with good reason. Upon reading the article two things stood out to me.
- The world of cyber espionage is a scary place, and capabilities are getting so advanced that I really fear for the future and hope that anti-attack efforts and businesses are working just as hard as the attackers to stop this acceleration.
- Unless you are a country with suspected ties to terrorism or a perceived threat to world security, you probably don’t need to worry about this malware…yet.
It seems this malware is so sophisticated that it is only being used by an extremely advanced agency (I will not speculate) to attack countries including Iran, Russia, Pakistan, Afghanistan, India and China. Targets in those countries included the military, telecommunications, embassies, government, research institutions and Islamic scholars, according to Kaspersky Labs.
I tell you not to worry about this because I assume the readers of my blog are relatively decent and good people trying to run businesses or IT departments within said businesses. But I say “yet” because if this can be done now, it is only further indication that the technology to attack is getting so advanced so rapidly, it is only a matter of time until this capability is in more people’s hands.
I stand by my advice of blogs past: While it is important to have a sound data protection plan in place, you must not assume it is ever completely impenetrable. You must, Must, MUST have a disaster recovery plan in place with frequent and redundant data backups, and encryption wherever necessary and possible.
Here is the article to read for yourself:
A cyberespionage group with a toolset similar to ones used by U.S. intelligence agencies has infiltrated key institutions in countries including Iran and Russia, utilizing a startlingly advanced form of malware that is impossible to remove once it’s infected your PC.
Kaspersky Lab released a report Monday that said the tools were created by the “Equation” group, which it stopped short of linking to the U.S. National Security Agency.
The tools, exploits and malware used by the group—named after its penchant for encryption—have strong similarities with NSA techniques described in top-secret documents leaked in 2013.
Countries hit the most by Equation include Iran, Russia, Pakistan, Afghanistan, India and China. Targets in those countries included the military, telecommunications, embassies, government, research institutions and Islamic scholars, Kaspersky said.
Kaspersky’s most striking finding is Equation’s ability to infect the firmware of a hard drive, or the low-level code that acts as an interface between hardware and software.
The malware reprograms the hard drive’s firmware, creating hidden sectors on the drive that can only be accessed through a secret API (application programming interface). Once installed, the malware is impossible to remove: disk formatting and reinstalling the OS doesn’t affect it, and the hidden storage sector remains.
“Theoretically, we were aware of this possibility, but as far as I know this is the only case ever that we have seen of an attacker having such an incredibly advanced capability,” said Costin Raiu, director of Kaspersky Lab’s global research and analysis team, in a phone interview Monday.