A startling new report has revealed how Advanced Persistent Threat (APT) groups operating on behalf of the Chinese government used adware code-signing certificates to disguise malware aimed at Windows and Android devices.
Decade of the RATs: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android, released by BlackBerry, reveals how these Chinese hackers have managed to successfully target specific systems without detection since 2012.
The attacks particularly focussed on Linux servers, which, as the report notes, run nearly all of the top 1 million websites, 75 per cent of all web servers and 98 per cent of the world’s supercomputers.
The hackers used a number of techniques to evade the security systems in place. One of them exploited adware, the software that generates online advertisements in a user interface: rather than writing adware, the attackers borrowed its identity.
By signing malware (software designed to damage or compromise devices) with code-signing certificates belonging to adware developers, these APT groups were able to increase infection rates, because any red flags the signed malware raised were dismissed as another blip in the constant stream of adware detections.
According to BlackBerry, this adware technology – that is used so widely in the online advertising ecosystem – offers a way for malicious actors to “hide in plain sight”.
“At first glance, using code-signing certificates belonging to adware developers seems completely counterproductive,” BlackBerry says in the report.
“Malware that may previously have gone undetected would now almost surely be immediately noticed. At least a handful of antivirus vendors would flag it, if only on the basis of the adware code-signing certificate.
“Why would an attacker, particularly one aligned with the interests of a nation state, want to do that?”
However, it seems that by giving malware the disguise of adware, these hackers managed to reduce their risk of detection.
“In our judgement, these threat actors would rather be found and then ignored than found and investigated, particularly on the Windows platform where so much of the antivirus attention is focused,” BlackBerry explains.
“Malware masquerading as adware stands a good chance of being overlooked or disregarded if it is detected, especially in busy corporate enterprise environments because they manage a ‘stack’ of multiple security technologies, each with its own set of alerts.”
Network and host defenders are inundated every day with warnings of potential breaches, and an “adware” verdict is among the easiest to close without a second look.
BlackBerry suggests these findings show that security operators need to reassess how they distinguish run-of-the-mill nuisances from malware that is potentially masquerading as adware: a valid signature from an adware publisher, on its own, is no longer grounds to dismiss an alert.
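As an added illustration of that triage point (this is example code, not code from the BlackBerry report or from this article): a rule that refuses to auto-close an adware verdict when the host context does not fit a nuisance adware install. The alert records, publisher names, parent-process list and path patterns below are constructed for the example and would be replaced by a team's own telemetry and intelligence.

```python
"""Triage rule for "adware" verdicts.

Added example: escalate an alert that carries an adware verdict or an
adware publisher's signature when the surrounding host context looks
like an intrusion rather than a user-driven adware install.  All alert
records, publisher names and heuristics here are constructed for
illustration; none come from the BlackBerry report.
"""
from dataclasses import dataclass

# Hypothetical code-signing publisher names associated with adware.  In a
# real deployment this set is fed from AV telemetry and threat intel.
ADWARE_SIGNERS = {"Example Adware Co.", "FreeToolbar Ltd"}

# Parent processes from which an adware drop is expected (a user clicked
# something in a browser or an installer).  Constructed list.
BENIGN_ADWARE_PARENTS = {"chrome.exe", "firefox.exe", "msedge.exe",
                         "setup.exe", "explorer.exe"}

# Directories where nuisance adware normally does not live.  Constructed.
SYSTEM_PATH_MARKERS = ("\\windows\\", "\\programdata\\")


@dataclass
class Alert:
    host: str
    host_role: str        # "workstation" or "server"
    verdict: str          # AV classification, e.g. "Adware.Generic"
    signer: str           # Authenticode subject name, "" if unsigned
    signature_valid: bool
    path: str             # on-disk path of the flagged binary
    parent: str           # parent process image name
    persistence: bool     # new service, scheduled task or Run key seen


def triage(alert):
    """Return (decision, reasons) where decision is one of
    'escalate', 'auto-close' or 'review'."""
    adware_like = (alert.verdict.lower().startswith("adware")
                   or alert.signer in ADWARE_SIGNERS)
    if not adware_like:
        return "review", ["not an adware verdict; normal triage path"]

    reasons = []
    # Each check below is context that nuisance adware would not normally
    # have.  A valid signature from an adware publisher is exactly the case
    # the report describes, so validity alone never clears the alert.
    if alert.host_role == "server":
        reasons.append("adware verdict on a server host")
    if alert.parent.lower() not in BENIGN_ADWARE_PARENTS:
        reasons.append(f"unexpected parent process {alert.parent}")
    if alert.persistence:
        reasons.append("binary installed a persistence mechanism")
    if any(m in alert.path.lower() for m in SYSTEM_PATH_MARKERS):
        reasons.append(f"executes from system path {alert.path}")
    if alert.signer in ADWARE_SIGNERS and not alert.signature_valid:
        reasons.append("adware publisher named but signature does not verify")

    if reasons:
        return "escalate", reasons
    return "auto-close", ["adware indicators only; matches nuisance profile"]


def triage_all(alerts):
    """Map each alert's host to its triage decision."""
    return {a.host: triage(a)[0] for a in alerts}


# Constructed sample alerts: a routine browser-dropped toolbar on a
# workstation, and a signed "adware" binary persisting under System32 on a
# database server with a non-browser parent.
SAMPLE_ALERTS = [
    Alert("ws-017", "workstation", "Adware.Generic", "FreeToolbar Ltd", True,
          r"C:\Users\alice\AppData\Local\Temp\toolbar_setup.exe",
          "chrome.exe", False),
    Alert("srv-db-02", "server", "Adware.Generic", "Example Adware Co.", True,
          r"C:\Windows\System32\wbem\svchost32.exe",
          "wmiprvse.exe", True),
    Alert("ws-042", "workstation", "Trojan.Generic", "", False,
          r"C:\Users\bob\Downloads\invoice.exe", "outlook.exe", False),
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        decision, why = triage(a)
        print(f"{a.host}: {decision} ({'; '.join(why)})")
```

The design choice is that the adware classification is treated as a starting point, not a conclusion: the rule only auto-closes when every contextual check agrees that the sample behaves like nuisance adware, and any single mismatch (server host, odd parent, persistence, system path) sends the alert to an analyst.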