Monday, September 10, 2012

Hackers who created the Elderwood Platform continue to attack

Symantec: Hackers who created the Elderwood Platform continue to attack medium and large businesses

Representatives of the antivirus company said in an interview that Symantec has been tracking the group's activity for quite a long time and was able to establish that its participants have at their disposal a very large collection of so-called "0-day" exploits, that is, programs that attack a vulnerability that was not publicly known. Typically, "0-day" exploits are written either by the direct organizers of the attack or by professionals who sell them for big money.

Symantec said that the group has recently also begun to attack several major Western industrial companies involved in the supply of raw materials and industrial products. In addition, it was found that the hackers used a variety of components that are the building blocks of a single unified platform, affectionately called the "Elderwood Platform". The components of the platform had previously been involved in several high-profile attacks. The platform is designed so that "0-day" exploits can be designed and built quickly with it.


The Symantec Security Response team reported that the platform has likely existed for more than a year: as early as 2011, at least eight unique samples of malicious software were found that rely on the same "0-day" attack mechanisms. Symantec said that eight, out of the total number of viruses, Trojans and worms appearing in a year, is a drop in the ocean. What is alarming is something else: the complexity and professionalism with which the code is implemented, and its narrow focus on industrial attacks.

"Right now, a small number of viruses use zero-day attacks. Yet industrial viruses such as Stuxnet, Nitro, Sykipot or Duqu use them. The use of zero-day exploits speaks not only to the professionalism of the hackers who write the code, but also to their greater financial capabilities, needed to buy data on vulnerabilities and test code on their own systems," Symantec said.

In most cases, to infect computers these hackers use targeted spam, which is sent to specific recipients in the victim company and induces them to run the hackers' code received by mail.

Symantec noted that Google suffered a hacker attack in 2009 in Operation Aurora. A fairly large, coordinated group of hackers acted against it then and, working by the same algorithm, attacked another 34 companies within weeks, which points to a continuously developed scenario and a clear allocation of roles in an offensive campaign.

"Most of the attacks exploit vulnerabilities in popular products such as Microsoft Internet Explorer or Adobe Flash Player, while a large part of the attacked companies operate in the U.S. or Western Europe," the antivirus company says.

Experts also say that attackers are increasingly moving to targeted attacks on companies that supply products for the technology sector, as well as for biology and pharmacology. In addition, hackers often attack the suppliers of large companies and work through them.

About a month ago, Symantec issued a warning to large businesses about a significant increase in the number of targeted attacks by hackers tasked with industrial espionage and sabotage. A recent report by the U.S. antivirus company says that 44% of the cyber attacks found in the last six months were aimed at companies with more than 2500 employees. By comparison, mid-sized companies with 250 to 2500 employees accounted for 37% of all attacks. It also reported an increase in the number of incidents.

"Since big businesses have more ambitious IT budgets, large amounts of data and a large number of computing nodes, they are becoming more frequent targets of hackers," said Paul Wood, a manager at Symantec.

According to the company, in June this year big businesses faced an average of 69 attacks a day, medium-sized businesses 31 attacks, and small businesses 58 attacks a day. At the same time, U.S. small businesses are, according to statistics, the least likely to be hit by targeted attacks.

Symantec also notes a significant increase in the number of IT incidents at companies in the defense and pharmaceutical sectors and at government agencies. It also noted a tendency to break into a small company with big clients so that, after compromising the small business, the attackers can attack its partner. "You can say this: big business should be more attentive to its suppliers and partners, as they can also be a vector of attack," says Wood.
