Tuesday, February 11, 2014
Stories about Careto, the most sophisticated malware in the world, from Russia with Love; more on Target; Is Linux safer?
The Minneapolis Star Tribune has a detailed story, Jan. 30, explaining how cybercriminals stole vendor credentials to get into a “backdoor” of Target’s point-of-sale software. The story by Jennifer Bjorhus is here. I remember the Target building, just west of Minneapolis, on I-94, as I recall. I had an interview there in 2003.
That’s one thing. It’s obvious that retailers are going to have to go to a new generation of security, with 2-step verification and piped encryption, and this may become less convenient for users online. And there’s bound to be litigation over money lost from debit cards.
This sort of widespread criminal activity seems to have implicit state support – probably Russia, which sees crime by its tech-savvy young adults as a way to get around economic problems. But it really seems more targeted at the really big guys (mainly retailers and banks) than ordinary people.
Tim Lee has a piece on the Washington Post Switch Blog about malware called Careto, said to be the most sophisticated ever, but still based on “spear-phishing”, link here.
Lee’s report suggests that it was created with the help of a state, and that leaves three or four major countries (probably not even Syria).
Kaspersky Lab has a detailed report on Careto (“Unveiling Careto, the Masked APT”), and it isn’t too much of a stretch to say that this development doesn’t help Putin cover his tracks by looking pretty in Sochi.
Lee and Fung have separate stories about the malware on the Switch Blog. It is said to be able to attack almost any operating system, including Linux and Android.
Here’s one other piece I found, “Why Linux is better than Windows”.
Well, that’s because it’s simpler. (It's really behind Mac operating systems.) Maybe that would be true for personal PCs, as generally Macs and Linux machines are less vulnerable. Shared hosted services are a different story; operating system complexity (Windows hosting is more "complex" than Unix hosting) may turn out to be an advantage.