Venafi says 'Son of Stuxnet' Duqu Trojan should act as an alarm for IT security professionals
"2011 is the year of third-party compromises," according to Calum MacLeod, Director of Venafi EMEA, the enterprise key and certificate management (EKCM) security specialist. "We have seen five significant compromises in the last year that have targeted the highest-value attack targets: third-party trust providers, including Stuxnet, Comodo, StartSSL, DigiNotar and now Duqu."
Early analysis of the Duqu malware suggests that it is a refined version of the original Stuxnet. The difference, however, is that it is fitted with a remote access trojan. "Duqu is the embodiment of pre-attack strategies leveraged in militaries all around the world: send in reconnaissance agents, gather intelligence and report back," said MacLeod. "This is what this new malware does on an automated basis: gathering intelligence data and other digital assets from systems that use industrial control technologies, and then relaying that information back to base," he said.
The initial Stuxnet malware incident is a clarion wake-up call to IT security, as it intentionally exploited the poor management practices that exist in many organisations today. The first consideration is how a compromised digital certificate was leveraged in the attack. The certificate was used to authenticate the malware within the environment, thereby allowing it to act as a trusted application and communicate with other devices. This was the first reported incident of a digital certificate being deployed in this type of attack, and must be viewed as an ominous sign of things to come.
Organisations often don't know where their digital certificates - commonly issued for securing communications, protecting sensitive data and/or for mutual authentication between devices - have been deployed and are in use. This is an unacceptable situation for anyone who takes security seriously. Allowing unknown and undiscovered encryption assets to exist within a closed IT environment represents an unquantified risk. A failure to manage this kind of risk leaves organisations more exposed to attacks such as Stuxnet.
MacLeod says that the discovery of the Duqu malware should act as a major wake-up call to the IT security industry to be prepared to repel the threat that Duqu and its variants undeniably pose - and to do so immediately.
"I think the fact that Duqu has used a rogue digital certificate to fool IT users into thinking that it represents trusted code is highly significant. Organisations must have a complete inventory of all the certificates from their certificate authority - monitor them and know which ones are within policy - in order to revoke and remove those that are not, or they are facing unquantifiable risk," he said.
"It is notable that this is the second reported incident of a digital certificate being deployed in this type of attack, and must be viewed as an ominous sign of things to come, both in terms of cyberwarfare and the hijacking of digital certificates as a subversion and infection methodology," he added.
For more on Venafi: www.venafi.com
For more on the 'Son of Stuxnet': http://bit.ly/nh5lzb
Venafi is the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions. Venafi delivered the first enterprise-class solution to automate the provisioning, discovery, monitoring and management of digital certificates and encryption keys - from the datacenter to the cloud and beyond - built specifically for encryption management interoperability across heterogeneous environments. Venafi products reduce the unquantified and unmanaged risks associated with encryption deployments that result in data breaches, security audit failures and unplanned system outages. Venafi also publishes best practices for effective key and certificate management at www.venafi.com/best-practices. Venafi customers include the world's most prestigious Global 2000 organisations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.