When Competitors Become Threats in Cyberspace

We've all heard of the cyber threat from cybercriminals, cyberterrorists and hacktivists. They seek to steal our IP and disrupt our services for financial gain or political protest. But one threat that is rarely discussed and certainly growing is the 'competitor threat'.

This is the apparently lawful competitor who will seek commercial advantage through our disarray. It is now so easy and so cheap to hire a criminal botnet that some unscrupulous companies are covertly employing criminals to launch distributed denial of service (DDoS) attacks against their commercial competitors.

DDoS is mostly an inconvenience that can be borne or mitigated - it is rarely fatal. Now, however, there is a new threat on the horizon: the targeted data destroyer. In some ways this threat started with the mythical malware dubbed 'Wiper'. There is no known sample of Wiper in captivity (that is, held by the anti-virus companies). It infects a computer, wipes the data on that computer and then destroys itself - it is a pure cyberweapon thought to have been developed by the US and/or Israel for use against 'enemies' such as Iran. We know of the existence of Wiper only through the damage it causes and a few, very few, forensic clues it leaves behind.

But you can't hide good malware forever. Something called Shamoon appeared a couple of months ago, and attacked and destroyed data on Saudi computers. It is generally considered to be a 'copy' of Wiper, produced by Iran or Iranian hackers and used in retaliation for the Iranian oil embargo.

Now we have Narilam, malware that according to the experts bears more resemblance to traditional criminal malware than it does to state-sponsored malware like Wiper (or Stuxnet or Flame). Narilam has once again been found primarily in Iran (although samples have also been found in the UK and USA).

What is interesting - or worrying - about Narilam is that it targets specific databases; databases only likely to be found in specific Iranian companies. It doesn't destroy the databases outright; it writes random data over some items and destroys some selected database tables, leaving the database corrupt and very difficult to recover. The point here is that it is highly targeted and not likely to be state-sponsored. In fact, the Iranian Computer Emergency Response Team (Maher) declared, "The simple nature of the malware looks more like a try to harm the software company reputation among their customers."

Narilam in Iran is an example of one company trying to obtain competitive advantage over another through the implementation of highly targeted and destructive malware. It doesn't take much imagination to see that targeted phishing campaigns using intelligence learnt from social networks could lead to copycat malware being planted on individual targets, and for that malware to do its damage and then destroy itself. If this isn't already happening, it undoubtedly will. The seeds, and the idea, already exist.

This opens a new front that we now need to defend. It's no longer just our confidential information and intellectual property that we must ring-fence, nor our websites we must defend from denial of service attacks, but the day-to-day operational databases that will be targets in the future. What we store, how we store it, and especially how we back up and recover corrupt data in a timely fashion are just some of the new things we need to consider.

Quite apart from the danger of regulatory fines, data breaches can injure reputation, steal intellectual property, impact share prices or even bring the whole company to its knees.

