Forbes, 7/27: Kaspersky Anti-Virus Can Actually Help Spies Steal Data, Warn Researchers
https://www.forbes.com/sites/thomasbrewster/2017/07/27/kaspersky-av-hack-with-satellite-malware/#56db8d622e0f
In many ways Kaspersky anti-virus tools are a boon for personal and business security. But in one rather significant way, the Russian company's security software can actually help criminal hackers and spies, researchers claimed Thursday.
They say they've found a way to force the anti-virus products to assist snoops in pilfering data from segmented networks, those not connected to the wider internet. And Kaspersky says it isn't going to fix the problem, even though three other vendors who were found wanting in the exact same way decided to implement technical changes to make the attacks impossible.
-snip-
The researchers from cybersecurity start-up SafeBreach, who'll present their findings at both Black Hat and DEF CON conferences in Las Vegas this week, put together a sneaky attack that took advantage of a feature of modern anti-virus tools, namely Avira Antivirus Pro, ESET NOD32, Kaspersky Total Security 2017 and Comodo Client Security.
There was one significant caveat, however: they had to start with the premise that a computer on a segregated network not connected to the wider internet contained malware, noted Amit Klein, vice-president of research at SafeBreach. Typically, critical systems, like defense or infrastructure networks, aren't connected to the web for security reasons, using what's known as an airgap, but it's possible to infect them with USB sticks or other hardware, among myriad other techniques.
The SafeBreach hackers used that advantage to take stolen data from the network and place it into another file, which they dubbed satellite malware. This was wrapped up and purposefully detected by the various anti-virus systems tested by the researchers. Each anti-virus tool would then take the file up to their own server for further checks in what's known as a "sandbox," and from there Klein discovered he could start beaming the stolen data from the satellite to their own computer. It's a novel way to steal data from supposedly secure networks, made possible by the cloud systems not blocking outbound connections over various protocols.
-snip-
Of those found to be vulnerable to the attack, Avira, Comodo and ESET all addressed the problem, though Avira and ESET said they thought attacks were unlikely to occur in the real world. Kaspersky agreed with that assessment, but declined to fix the problem.
-snip-
Forbes, 7/27: Kaspersky Anti-Virus Can Actually Help Spies Steal Data, Warn Researchers (Original Post)
highplainsdem
Jul 2017
OP
Don't use it, but glad to see someone said the "attacks were unlikely to occur in the REAL WORLD."
Hoyt
Jul 2017
#1
They probably have enough blackmail information on many in this country: pr0n, banking, etc.
TheBlackAdder
Jul 2017
#3
Hoyt (54,770 posts)
1. Don't use it, but glad to see someone said the "attacks were unlikely to occur in the REAL WORLD."
I hope we get back to the real world soon.
beam me up scottie (57,349 posts)
2. So the invasion isn't happening?
Caution is warranted and even though I've never used their products if I did I would be inclined to remove them after hearing these reports.
That said, over the top hysteria about a full scale invasion by way of Kaspersky software is encroaching on Alex Jones' territory.
There's a lot of fake news out there, thanks for setting the record straight.
TheBlackAdder (28,167 posts)
3. They probably have enough blackmail information on many in this country: pr0n, banking, etc.