Yesterday the US CERT and ICS-CERT published a Joint Security
Awareness Report (JSAR) on the Gauss malware recently reported
by Kaspersky Lab. According to Kaspersky this malware appears to be
targeted at financial institutions in Lebanon and the surrounding countries.
Why ICS-CERT is publishing this JSAR is not clear, as there does not appear to be
any effect, currently, on control systems or industrial networks.
As would be expected, the Kaspersky report is extremely detailed,
with most of the information available only to those fluent in Geek Speak
(unfortunately I am only conversant in pidgin Geek Speak). What is clear,
however, is that Kaspersky believes that this new malware is related to
STUXNET, FLAME, and DUQU and that the malware is readily adaptable to carry any
number of new modules. In fact, there are a number of encrypted modules in the
versions that Kaspersky has studied that have unknown purposes.
There is already discussion on the internet that this is ‘another’
in a series of cyber-warfare tools developed and deployed by the United States
(and Israel). No one expects any confirmation of that, but we didn’t expect
President Obama’s supposed confirmation of STUXNET being a US cyber-warfare
tool either. The disclosure of this malware and the unsupported attribution of
it to the United States will certainly inspire counter-attack aspirations by
Iran and its allies and encourage the development of cyber-warfare capabilities
by a wide variety of folks around the world.
That this could have an effect on the continued debate of
cybersecurity legislation is almost a foregone conclusion. There will be those
that might suspect that the publication of this JSAR could be part of a
campaign by the Administration to encourage positive movement in the debate. Not
me, of course.
BTW: Interesting tweet from Joel Langill on Gauss.