Flame reignites IT security concerns

12 June 2012

Kaspersky Lab recently announced the discovery of the latest piece of malware. Nicknamed Flame, the company described it as: “A sophisticated malicious program that is actively being used as a cyber weapon attacking entities in several countries. The complexity and functionality of this newly discovered malicious program exceed those of all other cyber menaces known to date.”

Debate is already raging as to whether the information-stealing malware warrants being described as a ‘weapon’ and you can be sure that the debate will rumble on for some time, along with the political wranglings, which began almost immediately following the first identification of Flame, with accusations, denials and the promise of investigations.

We are told that the malware was discovered during an investigation into another unknown malware programme – Wiper – prompted by the International Telecommunication Union (ITU), an agency that manages the global usage of radio spectrum and sets standards for wireless Internet and mobile phone service. The malicious program, detected as Worm.Win32.Flame by Kaspersky Lab’s security products, is designed to carry out cyber espionage, stealing information, including computer display contents, information about targeted systems, stored files, contact data and even audio conversations.

It is thought that the malware may have been active for over two years. Apparently, it is so complex in nature that it has avoided detection by security software until now. Put simply, it is designed to steal information from infected machines, which is then sent to a network of command-and-control servers located in many different parts of the world. The exact infection vector has still to be revealed, but it has been stated that Flame is able to replicate over a local network using several methods, including the same printer vulnerability and USB infection method exploited by Stuxnet. Indeed, Kaspersky Lab has more recently gone on to identify that part of the Flame program code is almost identical to code found in a 2009 version of Stuxnet.

Whatever its origins, the identification of the Flame malware program once again brings IT security to the forefront of our minds. It highlights the continuing vulnerability of networked environments, a vulnerability that is only increased by the introduction of USBs and other forms of consumer memory.

Victoria James, marketing director at Nexus GB, a supplier of industrial memory products and solutions for embedded systems, believes it is time to address the security issues presented by USB sticks. She said: “Security issues relating to USB sticks include the frequent loss of data stored on unencrypted consumer style portable memory as well as viral and malware attacks. It may be that Flame, Stuxnet and Duqu bookmark the end of the USB’s age in high level professional and OEM applications and usher in an era of specialised, secure devices.”

For industry, this latest malware identification only goes to highlight yet again the need for even more vigilant monitoring of network activity and the need to be able to quickly identify any unusual activities or behaviour. One of the main challenges in protecting industrial control systems lies in the fact that most were not designed with cyber security in mind. Instead, security solutions have been layered on well into the lifecycle of the network, possibly leaving room for would-be attackers to compromise their functionality.

Commenting on the issue of cyber security at the recent Emerson Global Users Exchange event in Dusseldorf, Bob Yeager, president, Emerson Process Management Power & Water Solutions, said: “I believe that the demand for information in modern power plants – networking, transmission, distribution, distributed technology and heterogeneous networking environments, where it is necessary to get all this information from a plant and to path grade analysis – puts us on a collision course with cyber security. There is a huge demand for open technologies and open networking, sitting alongside the pressure for greater cyber security. The discovery of the latest Flame malware puts further pressure on product vendors, such as Emerson, who need to consider the implications that greater cyber security will have on their product offerings. I believe that the security pressures will get worse as more mutant versions of these viruses are created. There are increasing regulatory requirements surrounding cyber security too. In the US where everything will be declared as critical assets and will require cyber protection. I believe that this will create issues relating to strategy and longer-term lifecycle management.”
