Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Moonlight Maze Attack Still Relevant Two Decades After Initial Debut

    By
    Sean Michael Kerner
    -
    April 3, 2017
    Share
    Facebook
    Twitter
    Linkedin
      ShadoBroker Hackers 2

      A cyber-attack that was first active in 1996 under the name Moonlight Maze, could well still be active today, 20 years after it first appeared, according to new research conducted by Kaspersky Lab and Kings College London researchers.

      The original Moonlight Maze attack impacted the Pentagon, NASA and the U.S. Department of Energy. The attack made use of an intricate set of network proxies in order to stay hidden from both defenders as well as security researchers. In 2016, researcher Thomas Rid of Kings College London was able to find a system administrator whose  servers had been used as a Moonlight Maze proxy.

      The system administrator actually had copies of log data from the compromised Moonlight Maze proxy host and he gave the information to Kings College and Kaspersky Lab, where it was analyzed. The analysis has led the researchers to the conclusion that code from Moonlight Maze has been used in more recent attacks, including the Turla advanced persistent threat (APT).

      In particular, there is a variant of the attack known as Penquin Turla which makes use of a specific type of backdoor code, called LOKI2, that was also a core element of Moonlight Maze attack code. 

      “We need to ask ourselves why it is that attackers are still able to successfully leverage ancient code in modern attacks,” Juan Andres Guerrero-Saade, senior security researcher, Global Research and Analysis Team at Kaspersky Lab, said in a statement. “The analysis of the Moonlight Maze samples is not just a fascinating archaeological study; it is also a reminder that well-resourced adversaries aren’t going anywhere. It’s up to us to defend systems with skills to match.”

      Security professionals contacted by eWEEK were not all that surprised by Kaspersky’s Midnight Maze disclosure.

      Nathan Wenzler, chief security strategist at AsTech, a San Francisco-based security consulting company, commented that the linkage of the Moonlight Maze attack to more modern APTs should come as no surprise to anyone in the security field. 

      “While the spotlight is often put upon the latest and greatest attacks, the truth is that all attacks typically take advantage of the same sorts of vulnerabilities and exploits which are not getting fixed,” Wenzler told eWEEK. “Cyber-criminals are always going to follow the path of least resistance, so, it’s far easier to piggyback off an existing attack then to try and find a wholly new attack vector.”

      Chris Roberts, chief security architect at Acalvio, a Santa Clara, Calif.-based provider of advanced threat detection and defence solutions, also isn’t surprised at Kaspersky’s disclosure either, as code re-use is not uncommon. 

      “What I do appreciate is that code from 20 years ago is still finding a home,” Robert said. “It’s also a sad, but accurate, fact that 20 year old code can still break into things.”

      From a defensive perspective, Brian Vecci, Technical Evangelist at insider threat protection vendor Varonis, commented that as long as data has value, it will always be a target for theft or abuse. He suggests that organizations focus on the data that poses the biggest risk for theft or abuse, instead of focusing on the threats. 

      “When organizations begin operating as if they are already breached, then they start asking the right questions about their data and how to protect it,” Vecci said. “Organizations should put a micro-perimeter around their sensitive data and monitor and flag for anomalous behavior—like data access and exfiltration.”

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×