Friday, 6 February 2015

Research: Cyber Spies Sloppy Programmers

Groups that advanced persistent threats (APTS) for cyber espionage prove to be sloppy programmers use, says a researcher ( pdf ) of the British anti-virus firm Sophos . The virus fighter compared the malware cybercriminals applied by cyber spies.

Apts are often considered sophisticated attacks, in which attackers long time to access the network from a target managed to obtain. However, the quality of the malware used appears to be disappointing, says researcher Gabor Szappanos. For example, there appeared to be no quality control in the APT-groups. "A big part of their creations is not well tested, and they do not see why some functionality is not working," he tells.

It also appears that ordinary malware writers have more knowledge than the known exploits APT groups. Something which is bad news, because APT groups focusing on specific targets, while the malware from the malware writers has a much greater range. The APT groups do not have extensive skills when it comes to exploits. New exploits are quickly utilized, but it comes to units which have been developed by others or come from Metasploit.

Usually they develop exploits yourself and in the case of other people's exploits are barely changed. Metasploit is a framework that is offered by security firm Rapid7 and allows security professionals to test the security of systems. According Szappanos let his research shows that when security researchers and administrators respond rapidly to undetected leaks, they probably handle this type of APT groups.

"Despite this, the malware writers mentioned in the report should not be underestimated. They develop sophisticated Trojans and know that spread to major organizations. The fact that they are not good with exploits does not mean that they are less dangerous," concludes the researcher.

No comments:

Post a Comment