Espionage fanning the Flame of cyber crime
African countries are not immune to the activities of cyber criminals and should take cognisance of the threat represented by the Flame virus, one of the more sinister forms of attack in existence globally.
Security software experts describe Flame as a highly sophisticated virus and professional cyber espionage tool that is designed to leverage off various attack formations (including trojans, malware and worms) and vulnerabilities to infect applications and extract data from PCs and networks.
The consensus among those in the security solution development and application space is that those behind Flame are likely organised groups and technically skilled syndicates that follow a deliberate agenda to extract and use data.
In addition to infiltrating a system and lying in wait to steal data, the Flame virus can reportedly also automatically link up to the audio/visual equipment on a system and ‘spy’ on all user activity.
Anything from surfing the Web and typing a document to downloading multimedia content and listening to music can be recorded – with the user being none the wiser.
This recorded information is then ‘processed’ and immediately sent through to a command and control centre, from where further attacks may be planned and executed.
Flame is believed to have originated in the Middle East and spread to parts of Europe and into North Africa. Several online media reports have discussed in detail how the government of Iran has had to take immediate action, via its Computer Emergency Response Team, to eliminate and block the Flame virus. Time’s Techland spoke of Iran’s oil networks being a key target. Speculation has surfaced in the media that it may be part of an Israeli-backed campaign.
According to Independent Online, more than 600 computers of users in Iran, Israel and Palestinian territories, as well as Sudan and Syria, were affected.
Vitaly Kamluk, Chief Malware Expert, Russian Global Research and Analysis Team at Kaspersky Lab, said that the virus is prevalent but geographically limited to particular countries.
“The intention is not to infect as many PCs or networks as possible, rather these are premeditated attacks on specific targets with the objective to take as much data as possible and process this information,” said Kamluk.
“What makes this virus a challenge is that it has inherent code that can perform ‘light checks’ on systems to see the level of protection. There is more chance that Flame will not trigger any action if there is a significant level of protection on a system,” he added.
Based on research reports from Kaspersky, there is no evidence of specific use of the virus against South Africa. However, Kamluk warns that the global nature of the cyber environment means that users need to be aware and alert.
Jayson O’Reilly, Security Practice Manager, Symantec South Africa, says cyber criminals have become a lot more sophisticated with attacks. The central objective today is really Return on Investment as targeted attacks like ‘spear phishing’ are designed to steal the most prized asset – data.
Internationally there are a number of key areas of focus when it comes to cyber crime – including malware, mobility and social networking.
O’Reilly says there has been a marked increase in malware incidents and the average number of events per day has risen from 77 to 82. In terms of activity, South Africa is positioned at number 43 globally, and number four in the world for phishing and spam activity.
Criminals are also beginning to tap into emerging markets like short URL and other web-based activity. “The Internet is definitely a catalyst for attacks, like social engineering for example,” he adds.
“With sophisticated attacks, such as that of Flame, the user looks for abnormal activity or signs of a problem on their infrastructure, but the virus uses stealth to sit, steal information and record activity,” O’Reilly continues.
As the global front to prevent incidents of terrorism gathers momentum, threats and security breaches in cyberspace remain on the increase. The concern for governments is that the digital world may be a priority on the agenda of hard-line extremists and fundamentalist groups – including homegrown organisations like the Nigeria-based Boko Haram and Al-Shabaab located in Somalia.
These organisations remain established and continue to grow in numbers and influence, with reported militant capability and strength.