Introduction to Cyber-Warfare by Paulo Shakarian & Jana Shakarian & Andrew Ruef & Sushil Jajodia

Author: Paulo Shakarian & Jana Shakarian & Andrew Ruef & Sushil Jajodia
Language: eng
Format: epub
ISBN: 9780124079267
Publisher: Elsevier Inc.
Published: 2013-05-21T16:00:00+00:00


An Example of the Current State of the Art: Sykipot

In 2011, a class of malware known as “Sykipot” reemerged in cyberspace. By this time, Sykipot had been around for a few years—with unconfirmed reports from as early as 2006.[94] This particular piece of malware is a Trojan—installing a back door onto the target machine for the purposes of exfiltrating information. In March 2010, Sykipot was loaded onto target computers using a zero-day vulnerability in Microsoft Internet Explorer. In late 2011, the malware was again being used in conjunction with a zero-day vulnerability—this time in Adobe Acrobat and Acrobat Reader. The software was again distributed using spear phishing. The hackers sent e-mails to targeted individuals in federal agencies and contract organizations containing a malicious Adobe Acrobat PDF file that exploited the zero-day vulnerability, installing the back door that, once initiated, created a secure connection with a command-and-control server. The modus operandi was very similar to the attacks described previously. The weakness in Adobe Acrobat was originally noticed by Lockheed Martin’s security response team and the Defense Security Information Exchange (DSIE)—a group of major U.S. defense contractors that share knowledge on assurance information.

The e-mails and PDF files used in the spear-phishing campaign were particularly well crafted. One such message contained a PDF file that had the latest per-diem rates (daily allowances for U.S. government employees on travel to defray the costs of meals and other incidental expenses).[95] Another had a 2012 guide on the contract award process.[96] As with the previous attacks in this chapter, these messages illustrate the great care taken by the attackers to select their targets—this was not a mass e-mail campaign, but rather a highly precise operation.

The security firm AlienVault examined traffic to the C&C servers transmitted by Sykipot and noticed that some of the exfiltrated data dealt with American technology for unmanned aerial vehicles (UAVs) and space technology. Specifically, they found unclassified documents relating to Boeing’s X-45 Unmanned Combat Air Vehicle (UCAV) and X-37 orbital vehicle.[97] The researchers at AlienVault also managed to trace the controlling server’s traffic back to Chinese IP addresses. They noticed that the malware contained error messages in Chinese, a fact that was also confirmed by researchers at Symantec.[98] Based on the Chinese principles of information warfare, it would be plausible that the Chinese government had a vested interest in supporting these missions, as information on experimental aircraft furthers both economic and military goals as espoused in Unrestricted Warfare. Further, considering the Sykipot campaigns since 2007, there were six total observed zero-day exploits—five of which were used in 2010 or later. These vulnerabilities could indicate that the operations were sponsored by a well-funded organization (i.e., a nation-state). The use of highly targeted spear-phishing e-mails may also point to a nation-state, as they likely required a good source of intelligence to develop (Figure 7.8).


