Menu
'The Mask' malware sets standards hackers are sure to follow

'The Mask' malware sets standards hackers are sure to follow

The hackers' mission is to steal sensitive data, but the capabilities of their malware go far beyond pilfering documents

A recently discovered hacking group called "The Mask" has set a new standard for malware used in sophisticated attacks against government agencies, industry and research organizations, experts say.

On Monday, Kaspersky Lab reported discovering the advanced Spanish-speaking group that has been involved in cyberespionage since at least 2007.

The Mask, aka Careto, has targeted government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organizations and activists in 31 countries from the Middle East and Europe to Africa and the Americas.

The hackers' mission is to steal sensitive data, but the capabilities of their malware go far beyond pilfering documents. It can also take from networks various encryption keys and authentication keys used in machine-to-machine communications.

"Basically, everything secured and confidential easily becomes available and in a plain text," Dmitry Bestuzhen, head of the research center for Kaspersky Lab in Latin America, said Tuesday.

Versions of the malware were found for Windows, Mac OS X and Linux. Other versions are believed to be capable of infecting Android and iOS mobile devices.

The Mask has built malware that has set a new standard for other hackers to emulate, security experts say.

"It will serve as a model for new cyber-weapon developers worldwide," Tatu Ylonen, chief executive of SSH Communications Security, said. "Future viruses and cyber-weapons will share many of its features."

The discovery of The Mask, which experts say is likely working for a nation-state, is expected to spark a cyber-arms race, Bestuzhev said.

"They certainly will invest more money in new exploit development, trying to align their cyber-arms to the same level as their potential adversaries," he said.

To infect systems, the group started with emails designed to get the recipient to click on a link to a malicious website. The site contained a number of exploits that were downloaded based on the configuration of the visitor's computer.

Following the infection, the visitor was redirected to the benign website referenced in the email, which could be a YouTube movie or news portal.

Because the malware was designed to evade anti-virus software, the best defense would be to catch the malicious app after it is installed.

"This malware highlights how critical it is to audit SSH (machine-to-machine authentication) keys, minimize their number, and regularly change them," Ylonen said.

Kevin Coleman, strategic management consultant for SilverRhino, which specializes in IT security for U.S. government agencies, favored technology that monitors software behavior in the network and warns of unusual activity.

Organizations should also monitor outbound traffic and make sure it is going to known IP addresses, Coleman said.

"We've got to up our game, because of all that's at stake," he said.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securityThe Mask

Featured

Slideshows

Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Veritas honours top performing trans-Tasman partners

Veritas honours top performing trans-Tasman partners

Veritas honoured its top performing partners across the channel in Australia and New Zealand, recognising innovation and excellence on both sides of the Tasman. Revealed under the Vivid lights in Sydney, Intalock claimed the coveted Partner of the Year 2017 (Pacific) award, with Data#3 acknowledged for 12 months of strong growth across the market. Meanwhile, Datacom took home the New Zealand honours, with Global Storage and Insentra winning service provider and consulting awards respectively. Dicker Data was recognised as the standout distributor of the year, while Hitachi Data Systems claimed the alliance partner award. Photos by Bob Seary.

Veritas honours top performing trans-Tasman partners
Show Comments