Slingshot: Avoiding Sophisticated Cyber Espionage

Uploaded on 2018-03-22 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Researchers from Kaspersky Lab, a Moscow-based cyber security and anti-virus provider, have said in a report that it has discovered a highly sophisticated cyber-espionage campaign called Slingshot that spreads through compromised routers and remains undetected for years.

Slingshot is as complex as Project Sauron, the malware that remained undetected for five years and believed to be designed by a state-sponsored group. Another malware, Regin, that infected computers in several countries including India remained undetected for several years.

According to the researchers, there are almost 100 Slingshot victims, mainly from the Middle East and African countries. The threat is believed to have started in at least 2012 and is still active (February 2018). It went on to say that most of the victims initially got their computers infected through compromised Mikrotik routers or windows exploit.

The researchers said that a malicious code is found in several compromised routers made by the Latvian network hardware provider, making them believe that Slingshot is able to target victims by directly infecting such routers. However, they are clueless about how exactly the Mikrotik routers are compromised.

"The discovery of Slingshot reveals another complex ecosystem where multiple components work together in order to provide a very flexible and well-oiled cyber-espionage platform," wrote Kaspersky Lab researchers in its report. 

"The malware is highly advanced, solving all sorts of problems from a technical perspective and often in a very elegant way, combining older and newer components in a thoroughly thought-through, long-term operation, something to expect from a top-notch well-resourced actor," they added.

The malware can run in both kernel mode and user mode modules, which means attackers can have complete control over a compromised device.

How to avoid falling victim to Slingshot malware
Here are measures suggested by Kaspersky Lab researchers to keep advanced persistent threats (APTs) like Slingshot at bay:

  • Upgrade your Mikrotik router to the latest software version. However, it said you can avoid only one attack vector with such updates and not from the APT itself.
  • Implement a strategic approach to deal with attacks from the sophisticated malware. Security solutions like Kaspersky. 

Kaspersky's Threat Management and Defense tools can detect APT and come with expert services. If a targeted attack is detected, cybersecurity experts will act accordingly before any harm is done.

IB Times

You Might Also Read:

Gateway For Hackers:

Russian Spies Used Kaspersky Anti-V To Hack NSA:

 

 

« Cambridge Analytica Claim To Sway Elections With Facebook Data
Crypto Mining Malware Hits Business »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Homeland Security Advanced Research Projects Agency (HSARPA)

Homeland Security Advanced Research Projects Agency (HSARPA)

HSARPA's Cyber Security Division (CSD) was set up to address DHS cyber operational and critical infrastructure protection requirements.

AVR International

AVR International

AVR educate, advise, analyse and provide professional, technical consultancy and support to ensure your business is safe, compliant and protected.

Orange Cyberdefense

Orange Cyberdefense

Orange Cyberdefense is the expert cybersecurity business unit of the Orange Group, providing managed security, managed threat detection & response services to organizations around the globe.

CounterCraft

CounterCraft

The CounterCraft Cyber Deception Platform fits seamlessly into existing security strategies and delivers high-end deception for threat hunting and threat detection.

RangeForce

RangeForce

RangeForce delivers the only integrated cybersecurity simulation and skills analysis platform that combines a virtual cyber range with hand-on training.

ResponSight

ResponSight

ResponSight is a data science company focusing specifically on the challenge of measuring risk and identifying changes in enterprise/corporate networks using behavioural analytics.

Technology Law Alliance (TLA)

Technology Law Alliance (TLA)

Technology Law Alliance is a specialist IT law firm focussed on the fields of technology, outsourcing and e-commerce.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

Loki Labs

Loki Labs

Loki Labs provides expert cyber security solutions and services, including vulnerability assessments & penetration testing, emergency incident response, and managed security.

Uptycs

Uptycs

Uptycs combines the open source universal agent, osquery, with a scalable security analytics platform for fleet visibility, intrusion detection, vulnerability monitoring and compliance.

1898 & Co

1898 & Co

Keep your critical assets secure with a comprehensive portfolio of services from high-level assessments to fully managed security services designed for operational technology applications.

MyKRIS Asia

MyKRIS Asia

MyKRIS specialise in providing and managing Internet network services and cyber security services to enterprises.

Cypago

Cypago

Cypago provides a powerful yet easy-to-use Compliance Orchestration Platform to automate the compliance process end-to-end.

Ivolv Cybersecurity

Ivolv Cybersecurity

Ivolv is here to assist your organization in building effective protection and resilience against cyber attacks.

ThreatMate

ThreatMate

ThreatMate empowers businesses with comprehensive tools to detect, protect, and remediate against cyber threats.

SECUREU

SECUREU

At SECUREU, we protect growing businesses against cyberattacks by proactively implementing best security practices, fixing existing security vulnerabilities, and increasing cyber awareness.