Slingshot: New malware on the scene lay undiscovered for years

12 Mar 2018

‘Slingshot’ malware was highly evolved. Image: stigmatize/Shutterstock

Slingshot is the latest malware, carrying out a myriad of spying activities in the Middle East and Africa.

Last week, a study from MIT researchers showed that blaming bots for the spread of misinformation on Twitter is a case of good old-fashioned scapegoating. False news apparently travels fast.

Do you know exactly how much value your data holds? Siliconrepublic.com spoke to Jeremy Tillman of Ghostery about third-party browser trackers.

Read on to keep abreast of the latest goings-on in infosec and enterprise.

Slingshot malware hid for six years

Kaspersky Lab researchers reported last week that they had uncovered malware so sophisticated, it remained undetected for six years, despite infecting at least 100 machines around the world.

The researchers said Slingshot is one of the most advanced attack platforms ever discovered, and they believe it was developed on behalf of a country with the funds to invest in such a sophisticated system.

Although it is unclear how Slingshot infiltrated every target, in some cases it got access to routers made by Latvian manufacturer MikroTik, planting malicious code within. Active since at least 2012, it remained operational throughout February. Analysts suggest it could have collected keyboard data, passwords and more, and was aimed at the Middle East and Africa.

500,000 NHS staff rely on insecure messaging apps to communicate

A new survey from CommonTime, reported in Infosecurity, found that 43pc of NHS staff rely on apps such as Facebook Messenger and WhatsApp, and 32pc only use these consumer-level tools to send messages at work. Frontline workers have an even higher instance of insecure app use, with 59pc of doctors and nurses using consumer instant messaging (IM) apps at least once a week, even though 75pc of users worried about confidentiality.

NHS policy forbids consumer IM apps, and the report mentioned examples of patient data being transmitted to the wrong person, sometimes outside of the organisation itself, as well as the sharing of patient addresses and phone numbers.

The tale of the ‘Olympic Destroyer’ malware attack

The Winter Olympics opening ceremony in Pyeongchang was marred by a cyberattack, and new revelations show that a number of false flags were planted to frame other groups for the incident.

Security researcher Vitaly Kamluk said: “Given how politicised cyberspace has recently become, the wrong attribution could lead to severe consequences, and actors may start trying to manipulate the opinion of the security community in order to influence the geopolitical agenda.”

The ‘Olympic Destroyer’ malware managed to temporarily freeze IT systems, cripple Wi-Fi and crash the Olympics website. Many rushed to pin the attack on a culprit such as the Lazarus Group, Russia and Iran, but the mystery remains. Apparently, the groundwork for the attack was laid in December, with a spear-phishing campaign targeting the official sponsors of the Olympic Games.

Government surveillance and Monero mining

State surveillance is growing in sophistication, as a new report published by Citizen Lab shows. Syrian and Turkish governments were found to have hijacked local internet users’ connections to covertly inject malware while in Egypt, browser-based cryptocurrency mining scripts were found in users’ web traffic using the same methods.

The governments, state agencies and internet service providers involved are using Deep Packet Inspection technology from Sandvine to intercept and modify users’ traffic.

In Turkey, the technology affected targeted users such as journalists and human rights activists, redirecting them to malicious versions of legitimate programs laced with spyware. Sites such as Wikipedia and the Kurdistan Workers’ Party website were also blocked.

In Syria, malicious versions of CCleaner and Avast Antivirus were bundled with government spyware.

A sneaky telecoms operator in Egypt was using Sandvine devices to inject a Monero mining script into every HTTP webpage visited by users.

New forum supporting women in security launches

8 March marked International Women’s Day, and the Security Industry Association celebrated with the launch of the Women In Security Forum to support women’s participation in the security field.

Networking events, programmes and professional development will be elements of the forum as well as identifying platforms to improve the visibility of women in the industry.

Brianne Brewer of SecureSet, a cybersecurity academy in Denver, Colorado, said: “A forum like this provides a platform to connect women and men who realise the critical role that inclusion and visibility play in talent development and providing a clear pathway for women in the security industry.”

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com