Thursday, November 6, 2014

Warning on BlackEnergy Rising Threat


As reported at TechWorld, "A cyberespionage group that has built its operations around a malware program called BlackEnergy has been compromising routers and Linux systems based on ARM and MIPS architectures in addition to Windows computers."

Ken Bechtel, malware research analyst at Tenable, warns that "Companies that are not actively monitoring network traffic may not be able to identify BlackEnergy malware in a timely manner. Since routers are neither protected from malware nor routinely scanned, compromising them puts attackers in the catbird seat, granting large-scale visibility into the network and plenty of time to scout network defenses before selecting a target.

"In this scenario, the initiative rests completely with the attackers, so traditional network defenses are not enough to detect and remediate the threat. Continuous monitoring can help companies reduce the attack surface by specifically looking for abnormal activity originating in routers."