"Night Dragon" attacks - theft of confidential information

A McAfee report describes what the company discovered about attacks on companies operating critical infrastructure, aimed at stealing confidential information.

Summary:

"In 2010, we entered a new decade in the world of cybersecurity. The prior decade was stained with immaturity, reactive technical solutions, and a lack of security sophistication that promoted critical outbreaks, such as Code Red, Nimda, Blaster, Sasser, SQL Slammer, Conficker, and myDoom—to name a few. The security community has evolved and grown smarter about security, safe computing, and system hardening but so have our adversaries. This decade is setting up to be the exponential jumping off point. The adversaries are rapidly leveraging productized malware toolkits that let them develop more malware than in all prior years combined, and they have matured from the prior decade to release the most insidious and persistent cyberthreats ever known.

The Google hacks (“Operation Aurora”), named by McAfee and announced in January 2010, and the WikiLeaks document disclosures of 2010 have highlighted the fact that external and internal threats are nearly impossible to prevent. Miscreants continue to infiltrate networks and exfiltrate sensitive and proprietary data upon which the world’s economies depend every day. When a new attack emerges, security vendors cannot stand by idly and watch. We are obligated to share our findings to protect those not yet impacted and to repair those who have been. As such, McAfee Foundstone Professional Services and McAfee Labs decided to release the following discovery.

Starting in November 2009, coordinated covert and targeted cyberattacks have been conducted against global oil, energy, and petrochemical companies. These attacks have involved social engineering, spearphishing attacks, exploitation of Microsoft Windows operating systems vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools (RATs) in targeting and harvesting sensitive competitive proprietary operations and project-financing information with regard to oil and gas field bids and operations. We have identified the tools, techniques, and network activities used in these continuing attacks — which we have dubbed Night Dragon — as originating primarily in China. Through coordinated analysis of the related events and tools used, McAfee has determined identifying features to assist companies with detection and investigation. While we believe many actors have participated in these attacks, we have been able to identify one individual who has provided the crucial C&C infrastructure to the attackers."

The report: http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf