new international cyberespionage network "Inception" discovered, with new techniques

you will have to read the whole report if you are a specialist

the points to remember are the following

* they use WebDAV to move data in and out, so you will have to look at the WebDAV traffic crossing your perimeter and eliminate everything you don't know

   go from free-for-all to an allowlist of only the WebDAV hosts you know, then look at the logs of everything that was blocked

* they use infected files, among them RTF and DOC attachments, so either sandbox attachments or open them on dedicated servers with no connection to any workstation (no scripts, no installations, etc.) and no link to the internet

* they use routers they have taken over which haven't been hardened, which means you will have to take the security of your routers more seriously: watch what happens on them and who has administrator access to them (they own hundreds of them)

* once you are infected, disk-based antivirus won't save you because the whole thing runs in memory; at that point it is game over for prevention and you are down to network monitoring (the WebDAV traffic above) and memory forensics

* there is also a mobile element with infected multimedia messages, but I never believed that mobiles were secure anyway
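The first point, "allow only the WebDAV hosts you know and look at what was blocked", as an added example (not code from the original post or from the researchers who published the report). It walks a proxy log, keeps only lines using WebDAV methods, drops the hosts on a hypothetical allowlist, and returns the unknown destinations that got through plus a count of the ones the proxy already blocked. The log format, the IP addresses, the host names and the allowlist are all constructed for the example.

```python
import re
from collections import Counter

# WebDAV-specific HTTP methods (RFC 4918). PUT is not WebDAV-only but is
# included because that is how files get uploaded to a WebDAV share.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE",
                  "LOCK", "UNLOCK", "PUT"}

# Hypothetical allowlist: the only WebDAV servers this organisation uses.
ALLOWED_DAV_HOSTS = {"dav.intranet.example"}

# Constructed proxy log in a simplified format:
# <client_ip> <method> <url> <status> <action>
SAMPLE_LOG = """\
10.0.0.12 GET http://www.example.org/ 200 ALLOWED
10.0.0.12 PROPFIND https://dav.intranet.example/shared/ 207 ALLOWED
10.0.0.33 PROPFIND https://webdav.cloud-storage.example/u/1234/ 207 ALLOWED
10.0.0.33 PUT https://webdav.cloud-storage.example/u/1234/report.bin 201 ALLOWED
10.0.0.41 MKCOL https://webdav.other-cloud.example/x/ 403 BLOCKED
10.0.0.41 PROPFIND https://webdav.other-cloud.example/x/ 403 BLOCKED
"""

LINE_RE = re.compile(
    r"^(?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<action>ALLOWED|BLOCKED)$"
)


def host_of(url):
    """Extract the lower-cased host part of a URL, or None if it has none."""
    m = re.match(r"^[a-z]+://([^/:]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else None


def parse_line(line):
    """Parse one log line into a dict (src, method, url, status, action, host)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["host"] = host_of(rec["url"])
    return rec


def find_unknown_webdav(log_text, allowed_hosts=ALLOWED_DAV_HOSTS):
    """Return (suspects, blocked).

    suspects: WebDAV requests to hosts outside the allowlist that the proxy
              let through; these are the ones to investigate.
    blocked:  Counter of (client, host) for WebDAV requests the proxy already
              blocked; review these too, a blocked attempt still points at
              a client trying to reach unknown WebDAV infrastructure.
    """
    suspects = []
    blocked = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] not in WEBDAV_METHODS:
            continue
        if rec["host"] in allowed_hosts:
            continue
        if rec["action"] == "BLOCKED":
            blocked[(rec["src"], rec["host"])] += 1
        else:
            suspects.append(rec)
    return suspects, blocked


if __name__ == "__main__":
    suspects, blocked = find_unknown_webdav(SAMPLE_LOG)
    for rec in suspects:
        print("INVESTIGATE", rec["src"], rec["method"], rec["url"])
    for (src, host), n in blocked.items():
        print("BLOCKED", src, "->", host, f"x{n}")
```

Matching on method alone is deliberately conservative: a GET or OPTIONS to a WebDAV server looks like ordinary HTTP, so the host allowlist should also be enforced at the proxy itself rather than only in after-the-fact log review.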

the targets are mainly Russian for the moment, but everybody will be reading and analysing these reports, and this will just become another method used by anybody with enough knowledge, or sold to anybody willing to pay for it

