Saturday, December 20, 2014

US CERT releases technical details of "SMB Worm" used in attack on Sony; more on cell phone vulnerabilities

US-CERT (that is, NCCIC) in Pittsburgh has issued a detailed technical description of Targeted Destructive Malware, Alert (TA14-33A), a discussion of the “SMB Worm Tool”, link here. This is the package that was apparently used by “Bureau 121” from North Korea in its attack on Sony.
Webroot, and other security companies, have written that it’s relatively easy for criminals overseas to sell these tools on the “dark web” in the black market.  Tools like this could be deployed against utilities, financial institutions, Internet providers, and the like; so all of these companies need to be particularly vigilant against these kinds of attacks and configure their systems to make them less likely.
Small business users can make themselves more resilient by keeping physical backups offline and by keeping some computers off of networks. Apparently MacOS and Linux systems are not as vulnerable, at least for now. Maybe there is more of a case for generalized use of Macs in business.
In another development, Craig Timberg, on the Switch Blog of the Washington Post, reports that German security researchers have found a flaw that lets anyone listen in on your cell calls, link here.

Update: Dec. 21

Michael Hiltzik of the Los Angeles Times gives a lot of detail as to why the FBI's conclusion that North Korea started the attack is questionable, and why Sony's problems may be more serious than those at other companies, here.
