The past week's dominant IT security news included more revelations about the Duqu Trojan along with details about various cyber-attacks around the world and a report to the U.S. Congress that accuses Russia and China of engaging in large-scale cyber-spying.
continued to dominate security headlines as researchers analyzed the malware to
discover its origins and intended target.
Indian government, acting on information provided by Symantec researchers,
raided a Web hosting company in Mumbai and
seized hard drives and other components
from a server suspected of being a
remote command and control server for the information-stealing Trojan.
of researchers around the world looked for the installation file to figure out
how Duqu was being transmitted and to identify potential attack vectors.
Hungary's Laboratory of Cryptography and System Security (CrySyS) and Symantec
said they had found a malicious Word document booby-trapped to take advantage
zero-day vulnerability in the Windows
issued an advisory
less than 48 hours later, identifying the unknown
security flaw and providing a temporary workaround while the company worked on
a patch. The issue with the Win32k TrueType font parsing affected every
supported version of Windows, including the more secure Windows 7 and Windows
patch will not be available by November's Patch Tuesday release this week, and
Microsoft did not indicate when the Duqu fix would be available.
researchers, who first publicized Duqu in October, have identified another
malware attack. The
cyber-espionage campaign, dubbed "Nitro
," resulted in unknown
attackers stealing data from at least 48 companies, including chemical and
Duqu, it doesn't appear that the gang behind Nitro bothered with any zero-day
exploits. The cyber-spies relied on a well-known off-the-shelf Trojan called
PoisonIvy to open a backdoor on infected systems. Once the Trojan was on the
network, attackers were able to uncover network information and obtain a dump
of cached Windows password hashes. Symantec claimed to have traced the servers
that received the stolen data to an individual living in China.
of China, at least one Congressional report has taken off the diplomatic gloves
and directly accused
China and Russia of spying
on the United States using cyber-methods. The
Office of the National Counterintelligence Executive wrote in a report to
Congress that China is the "world's most active and persistent"
perpetrator of economic espionage against the United States.
Russia and other countries are using data stolen from cyber-espionage
operations to benefit domestic companies and gain competitive advantage, the
U.S. and European Union conducted its
first joint cyber-war exercise
, to explore how officials on both sides of
the Atlantic would cooperate in the case of a cyber-attack on critical
infrastructure. EU officials have conducted several cyber-exercises recently,
and the Department of Homeland Security regularly runs simulated attacks with
various branches of the military and government agencies.
authorities also arrested and
jailed 13 people
in England for participating in a Zeus Trojan cyber-fraud
operation that may have bilked victims out of approximately $4.6 million. The
gang used Zeus to infect user computers to steal documents and log-in
credentials. The gang of 13 was led by two Ukranian men.
a contest where participants applied
social engineering techniques
to obtain certain types of information, none
of the 14 companies targeted succeeded in keeping the data safe,
Social-Engineer.org disclosed in an Oct. 31 report summarizing an exercise
conducted at the Defcon conference in early August. Firms targeted included
Apple, AT&T, Conagra Foods, Dell, Delta Airlines, IBM, McDonald's, Oracle,
Symantec, Sysco Foods, Target, United Airlines, Verizon and Walmart.