Think Information. Think Security.
Researchers at security firm Mandiant have identified a backdoor trojan, called Hikit, which has targeted a small number of defense contractors in the United States.

Ryan Kazanciyan, a principal consultant at the Washington, D.C.-based company, told on Monday that the malware, first discovered last year, falls into the category of an advanced persistent threat.
As opposed to financial fraud, the goal of the attackers behind Hikit is to conduct industrial espionage and steal sensitive data, he said.

The trojan itself is not used to initiate a breach, but to exploit an existing server vulnerability so that attackers can maintain access to victims' data. Hikit can run commands on a  targeted server, as well as transfer files to retrieve data and redirect traffic within other systems of the victims' internal network.

Researchers at Symantec wrote a blog post on the Hikit threat Friday, explaining that the malware, in an attempt to evade any detection, does not contact a command-and-control server or attacker upon installation. As Hikit was launched as just one of many pieces of malware by attackers, Mandiant's Kazanciyan said the malware could go undetected for several years, due to the size and complexity of most victims' corporate networks and the attacker's ability to rely on stolen credentials to maintain access.

Citing the arduous process of uncovering this particular threat, Kazanciyan said in a number of cases, many of the victims only become aware that they've been targeted only after being notified by law enforcement. Once the find out they've been hit, organizations should first conduct an investigation to determine how the malware got onto their servers, as it must be installed by someone who has privileged access to the system, he said.

To limit the targeted malware's impact, organizations can isolate their internet-facing systems so the malware is kept from being redirected elsewhere in the network.

“The attacker may get stuck on only interfacing systems,” Kazanciyan said.

Cross-posted from: SC Magazine
9/24/2012 09:24:52 am

The information you shared through your post is functional. I admire your work. Wish you all the luck for all your blogging efforts.


Leave a Reply.