It happened again. A number of countries have been hit by what has been called the most sophisticated piece of malware seen to date.
The malware is called Flame – appropriate given the number of computers that have been burned by this latest cyber weapon.
Word of this malicious piece of software began leaking out last week and quickly caught widespread cybersecurity attention. By Tuesday morning it had over 1.3 million returns on a Google search.
This cyber espionage attack was highly targeted and has been found on computers throughout the Middle East.
After spending a few hours researching the capabilities of this cyber weapon, I would have to say the capabilities that have been documented to date have moved the line, and this is truly state-of-the-art when it comes to software used for cyber espionage.
Flame has not demonstrated any lethal cyber weapon capabilities as of yet. That being said, however, it has the ability to be remotely repurposed from an intelligence collection mechanism to an offensive, destructive cyber weapon.
That is just one of the unique capabilities that have been designed into this highly complex and sophisticated piece of software.
A post by Kaspersky Lab’s security products reports that Worm.Win32.Flame is “designed to carry out cyber espionage. It can steal valuable information, including but not limited to computer display contents, information about targeted systems, stored files, contact data and even audio conversations.”
Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, said in the website’s report: “The risk of cyber warfare has been one of the most serious topics in the field of information security for several years now. The Flame malware looks to be another phase in this war, and it’s important to understand that such cyber weapons can easily be used against any country. Unlike with conventional warfare, the more developed countries are actually the most vulnerable in this case.”
Another intelligence analyst said, “Flame redefines cyber espionage, it makes all the other software in that category look like cheap toys!”
Most noteworthy among the capabilities designed into this malware is the ability to perform a screen capture when high-value programs (such as email) are active on the monitor/screen.
It also has the ability to turn on the microphone in, or attached to, the computer, capture audio in the area directly adjacent to the device, compress the file and transmit it back to its controllers via a network of compromised intermediary servers.
If anyone doesn’t think we have entered a new age of spying and a cyber arms race, discovering this sophisticated compromise on the heels of Stuxnet and Duqu will surely make them rethink their position.
Experts believe that once attribution has been made, retaliation is almost guaranteed! This is one to watch – CLOSELY.
Kevin G. Coleman is a long-time security technology executive and former Chief Strategist at Netscape. He is Senior Fellow with the Technolytics Institute where he provides consulting services on strategic technology and security issues. He writes a weekly blog for Breaking Gov on the topic of cyber intelligence.