Wednesday, November 05, 2014

Revamped BlackEnergy Covers All, Windows, Linux And Cisco routers!

They will also be able to say, Mission Impossible : This System Will Self Destruct to the tune of,,,,, Mission Impossible. Researchers from Kaspersky Labs have discovered new capabilities in the BlackEnergy crimeware tool that are beyond what believed to be. The new varients of BE, are able  to run on network devices, DDoS attacks, stealing passwords, scanning ports, logging IP sources, covertly taking screenshots, gaining persistent access to command and control channels, and destroying hard drives, just to name a few.
The article written by the researchers is pretty scary as it reveals the capabilities of BE2, and BE3. Hiding their paths with 'dstr' command;
"By all appearances, the attackers pushed the 'dstr' module when they understood that they were revealed, and wanted to hide their presence on the machines. Some machines already launched the plugin, lost their data and became unbootable."

  • "BlackEnergy2 and BlackEnergy3 are known tools. Initially, cybercriminals used BlackEnergy custom plugins for launching DDoS attacks. There are no indications of how many groups possess this tool. BlackEnergy2 was eventually seen downloading more crimeware plugins - a custom spam plugin and a banking information stealer custom plugin. Over time, BlackEnergy2 was assumed into the toolset of the BE2/Sandworm actor. While another crimeware group continues to use BlackEnergy to launch DDoS attacks, the BE2 APT appears to have used this tool exclusively throughout 2014 at victim sites and included custom plugins and scripts of their own. To be clear, our name for this actor has been the BE2 APT, while it has been called "Sandworm Team" also."

If you are security conscious or even not, this paper is a must read. 

Kaspersky Labs via ARS

No comments: