This week we announced the software release of Sophos UTM Accelerated (9.2), our best UTM release ever, with more than 100 new features including Advanced Threat Protection that provides a multi-layered approach to stop so-called advanced persistent threats (APTs).
Meanwhile, our researchers at SophosLabs have uncovered a disturbing trend in APTs — methods formerly seen only in espionage-style attacks are now increasingly common in malware attacks from money-making cybercriminals.
And in a shocking development, newly reported leaks from former NSA contractor Edward Snowden revealed that the NSA is engaged in surveillance practices that appear to borrow tactics we once thought were only likely to be employed by cybercriminals.
Zbot borrowing techniques from APTs
In the past couple of months, our labs have seen a dramatic rise in the number of APT-style attacks spreading malware belonging to the Zbot/Zeus family. According to SophosLabs threat researcher Gabor Szappanos, who has been studying APTs for the past year, about one-third of the attacks using infected Microsoft Office documents in recent months have contained Zbot.
What’s unusual about this finding is that document-based attacks had previously been used almost exclusively by APTs designed for espionage and surveillance. But Zbot, which is designed to steal financial data including banking credentials, is now using document-based attacks to spread itself to more victims, in order to make more money for its masters.
As Gabor reported at Naked Security, more “traditional” cyber gangs in the business of making money appear to be learning lessons from APT spies who want to steal other kinds of information.
“Sadly, these two sorts of digital criminality are no longer as compartmentalized as they used to be,” Gabor writes, as reported by ITbusiness.ca.
NSA leaks reveal plan to infect millions of computers with malware
If money-making crooks can follow the lead of spies, it appears the spies can borrow tactics from the crooks as well. This week, newly reported information about NSA documents leaked by Edward Snowden revealed that the U.S. spy agency plotted in 2009 to infect millions of computers with malware using an automated program called TURBINE.
As was reported in The Intercept, the website of former Guardian journalist Glenn Greenwald, the leaked documents show NSA plans to hack into computers and Internet routers with malware in order to collect intelligence on non-U.S. individuals and entities.
Some of the tactics the NSA has used include creating a fake website posing as Facebook in order to launch “man-in-the-middle” attacks, as well as malware that can turn on a hacked computer’s microphone or webcam to record people nearby, and keyloggers that can steal login IDs and passwords.
Critics of the program said the NSA has stepped over the line.
“This is not about targeted surveillance anymore, but wholesale mass surveillance – the legality of which has been questioned by some of its participants,” Sophos security expert John Shier tells the Christian Science Monitor.
Sophos UTM Accelerated (9.2) blog series
- #1 – Simpler email encryption and DLP
- #2 – Smarter web user authentication
- #3 – Easier web policy enhancements
- #4 – Safer two-factor authentication
- #5 – Advanced Threat Protection (ATP)
- #6 – Faster IPS scanning for improved performance
- #7 – Safer Web Application Firewall
- The wait is over: Introducing Sophos UTM Accelerated (9.2), our best UTM release ever