Protect Your Assets

Malware from a universe far, far away

stuarthatto 01-23-2014 12:55 PM - edited 09-16-2015 04:46 PM

In 1977, the world (well, the "geeky" part of it) was invited to watch a movie that has since become a cult series of six. That movie was Star Wars, since known as Episode IV: A New Hope. During the opening of Star Wars, we watched Princess Leia hide the plans for the Empire's Death Star in a cute, whistling droid called R2-D2. (I'll bet you still try to whistle like it!)


One trick R2-D2 had was the ability to "interface" with the Empire's computer systems: he could open locked doors and download the plans for space stations. Quite the little guy! That was 1977; today we would call him a hacker. He also seems to have joined a collective and trained his furry, more aggressive colleague, Chewbacca, to do the same.


OK, maybe calling R2-D2 and Chewbacca hackers is a stretch of an analogy, but look at what they did: they hid information from scrutiny, they accessed systems that should have been barred to them, and they exfiltrated secrets.


In 2013 and early 2014, a point-of-sale malware variant infected a number of high-profile organisations in the United States and exfiltrated "secrets", or as we call them, credit card details. The malware was given the name "Chewbacca", and it used Tor (The Onion Router network) to hide its command-and-control traffic and to exfiltrate the stolen card details.


There is no good reason for any commercial organisation to allow Tor traffic into or out of its network. I can see a possible argument for academic networks, but commercial networks should have it locked right down.


HP TippingPoint has had filters in place for many years to prevent Tor access, and an emergency filter was written to detect this malware. That filter is now part of our mainstream protection, which we call Digital Vaccine. We also carry the data-exfiltration IP addresses in our ReputationDV service, so that if an organisation is compromised, the malware's communication is blocked and with it the removal of your secrets. Those addresses are scored very high: they are malicious and should be blocked.
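As an added illustration (not TippingPoint code, and not a description of how Digital Vaccine or ReputationDV work internally), the script below applies the two policies described above, the "lock Tor down" rule from the earlier paragraph and a reputation-score block/alert threshold, to a handful of constructed inbound and outbound flow records. The relay list, the reputation feed with its scores and labels, the thresholds, the flow-log format and every address (all from RFC 5737/RFC 2544 documentation and benchmark ranges) are assumptions made up for this example.

```python
"""Ingress/egress policy check: block Tor relays and high-reputation-score
addresses.  Constructed example, not TippingPoint code."""
import ipaddress
import re
from dataclasses import dataclass

# --- Constructed feeds (documentation/benchmark ranges, not real Tor relays
# or malicious hosts).  A deployment would refresh these on a schedule. ---
TOR_RELAYS = {                      # address -> relay attributes (assumed)
    "198.51.100.10": {"or_port": 9001, "exit": True},
    "198.51.100.11": {"or_port": 443, "exit": False},
    "203.0.113.7": {"or_port": 9001, "exit": True},
}
REPUTATION = [                      # (network, score 0-100, label) (assumed)
    (ipaddress.ip_network("192.0.2.0/24"), 95, "exfiltration-c2"),
    (ipaddress.ip_network("203.0.113.128/25"), 60, "scanner"),
    (ipaddress.ip_network("198.18.0.0/15"), 20, "benchmark-range"),
]
BLOCK_THRESHOLD = 80                # block at or above this score (assumed)
ALERT_THRESHOLD = 50                # alert at or above this score (assumed)
TOR_DEFAULT_PORTS = {9001, 9030}    # default ORPort / DirPort: weak heuristic


@dataclass(frozen=True)
class Flow:
    direction: str   # "out": internal -> external, "in": external -> internal
    src: str
    dst: str
    dport: int


# Assumed flow-log format: "<timestamp> <in|out> <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(\S+) (in|out) (\d{1,3}(?:\.\d{1,3}){3}):\d+ -> (\d{1,3}(?:\.\d{1,3}){3}):(\d+)$"
)


def parse_flow(line):
    """Parse one flow-log line into a Flow; reject anything off-format."""
    m = LOG_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable flow record: {line!r}")
    _ts, direction, src, dst, dport = m.groups()
    return Flow(direction, src, dst, int(dport))


def reputation_lookup(ip):
    """Longest-prefix match against the feed; (score, label) or (0, None)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, score, label in REPUTATION:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, score, label)
    return (best[1], best[2]) if best else (0, None)


def evaluate(flow):
    """Return (verdict, reason); verdict is 'block', 'alert' or 'allow'."""
    external = flow.dst if flow.direction == "out" else flow.src
    relay = TOR_RELAYS.get(external)
    if relay is not None:
        if flow.direction == "out":          # any outbound Tor use is blocked
            return "block", f"outbound to Tor relay {external}:{flow.dport}"
        if relay["exit"]:                    # inbound from an exit node
            return "block", f"inbound from Tor exit {external}"
        return "alert", f"inbound from Tor non-exit relay {external}"
    score, label = reputation_lookup(external)
    if score >= BLOCK_THRESHOLD:
        return "block", f"{external} reputation {score} ({label})"
    if score >= ALERT_THRESHOLD:
        return "alert", f"{external} reputation {score} ({label})"
    if flow.direction == "out" and flow.dport in TOR_DEFAULT_PORTS:
        return "alert", f"outbound to default Tor port {flow.dport} on unlisted {external}"
    return "allow", "no match"


def evaluate_log(lines):
    """Verdicts for a list of flow-log lines, in input order."""
    return [evaluate(parse_flow(line)) for line in lines]


# Constructed sample flow records.
SAMPLE_LOG = [
    "2014-01-23T12:55:01Z out 10.0.0.5:51234 -> 198.51.100.10:9001",  # Tor relay
    "2014-01-23T12:55:07Z out 10.0.0.5:51240 -> 192.0.2.44:443",      # score 95
    "2014-01-23T12:56:02Z in 203.0.113.7:9001 -> 10.0.0.22:22",       # from Tor exit
    "2014-01-23T12:56:30Z out 10.0.0.9:51300 -> 203.0.113.200:80",    # score 60
    "2014-01-23T12:57:00Z out 10.0.0.9:51301 -> 203.0.113.50:443",    # clean
    "2014-01-23T12:57:10Z out 10.0.0.9:51302 -> 198.18.5.5:9001",     # port only
]

if __name__ == "__main__":
    for line, (verdict, reason) in zip(SAMPLE_LOG, evaluate_log(SAMPLE_LOG)):
        print(f"{verdict:<5} {reason:<55} <- {line}")
```

Run as-is it prints one verdict per record. In a real deployment the relay set would be refreshed from the Tor consensus and the reputation feed from the vendor on a schedule, since relay lists change hourly. Address lists alone also miss Tor bridges and pluggable transports, which exist precisely to evade this kind of blocking, and many relays listen on 443, so the default-port heuristic is a weak signal and is only ever raised as an alert here, never a block.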


The protection is automatic with both TippingPoint's mainstream filters and our ReputationDV service: together they block this malware and its communication with almost zero touch required from a security administrator.


The alternative is to employ Stormtroopers. It may give you a sense of well-being and protection, but ultimately you know the Jedi will win, and not all Jedi are on the side of good and right.


About the Author

stuarthatto

EMEA Product Manager, TippingPoint
