Follow us on Twitter

Access our Document library

Meet the team

Significant cyber-threat uncovered

Posted by Jon Wilcox on Fri, 19/02/2010 - 12:39
Printer friendly


trojan.png

Analysts at cyber-security company NetWitness have revealed the extent of a new botnet (software-based robots that can be used for malicious purposes), which has managed to infiltrate over 2,500 private and public sector organisations around the world. Ten US government agencies were found to have been affected by the botnet.

The Kneber botnet was uncovered by NetWitness in January, prompting an comprehensive investigation, which revealed, “an extensive compromise of commercial and government systems that included 68,000 corporate login credentials, access to email systems, online banking sites, Facebook, Yahoo, Hotmail and other social networking credentials, 2,000 SSL certificate files, and dossier-level data sets on individuals including complete dumps of entire identities from victim machines.”
 
“Organisations which focus on compliance as the objective of their information security programs and have not kept pace with the rapid advances of the threat environment will not see this Trojan (Kneber) until the damage already has occurred,” said Amit Yoran, CEO of NetWitness. “Systems compromised by this botnet provide the attackers not only user credentials and confidential information, but remote access inside the compromised networks."
 
"Many security analysts tend to classify ZeuS solely as a Trojan that steals banking information," stated Alex Cox, the principal analyst at NetWitness responsible for uncovering the Kneber-bot, "but that viewpoint is naive. When we began to detect the correlation among both the methodology used by the Kneber crew to attack victim machines and the wide variety of data sets harvested, it became clear that security teams must rethink their entire perspective on advanced threats such as ZeuS and consider more diverse mission objectives."
 
NetWitness’ whitepaper comes just months after professional services company, PricewaterhouseCoopers (PwC) published a report that pointed out the growing threat from e-Espionage. “The threat of E-espionage should be one of the top issues addressed by today’s Boards,” argued the PwC report.
 
Responding to confirmation of the Kneber botnet, PwC’s director of the OneSecurity programme, William Beer, said, “This is the latest in a string of similar attacks carried out by a highly organised group of hackers, showing the rising level of sophistication in cybercrime. Companies need to consider conducting a risk assessment to establish the size, number, nature and source of the attacks, gauge the vulnerabilities, and assess the resulting impact on their business.”
 
“Too many organisations continue to rely on traditional approaches to combat the ever-changing threat from malware (malicious software).  Modern malware has evolved beyond its once anarchistic beginnings into a targeted, effective tool of choice for the bad guys. Malware will continue to evolve, improve and have higher success rates, so it’s time for organisations to rethink their current security strategy to ensure they can defeat the latest attacks.”