Operation Blockbuster Brings the Fight to Sony Hackers

Operation Blockbuster, a coalition of security companies led by
Novetta, on Wednesday published a report detailing the activities of the
Lazarus Group, the organization responsible for the 2014 cyberattack
against Sony Pictures Entertainment.
Researchers last week published detection signatures to the
companies' respective software in the hope of disrupting the group's
activities.




The coalition's response has heavily wounded the malware arsenal the
attackers used but has not eliminated the threats worldwide, Operation
Blockbuster said.


Last year, researchers began identifying several malware hashes
publicized by the security community following the Sony attack. From
those hashes they established a baseline of the malware capabilities,
common code and libraries used in the malware samples, according to the
report.


They used the fragments of code and library functions to detect
additional malware samples. They used proprietary tools and Totem, an
open source Novetta-developed framework for large-scale file analysis
and triage.


Refining that process led researchers to detect and analyze more than
45 distinct malware families related to the Sony malware, according to
Brian Bartholomew, a researcher at coalition member Kaspersky Lab.


"I think we are definitely putting a dent in their operation. I don't
think it is going to make them disappear, but it is definitely causing
them some headaches," he told the E-Commerce Times.


Other members of Operation Blockbuster include AlienVault, Invincea, PunchCyber, Symantec, ThreatConnect and Volexity.









Measured Tactics

The Lazarus Group has conducted multiple attacks over at least six
years, the most well-known being the attack against Sony. The group also
is responsible for some 43 malware families, said Bartholomew.


"They moved the line in the sand. They are still out there and functioning," he said.


The malware definitely poses a real threat all over the world,
Bartholomew said. The attackers were not very selective about their
targets, and they have played by a different set of rules.


Still, the progress the coalition has made in countering the massive
malware attacks is impressive, according to Andrew Ludwig, senior
technical director at Novetta who led the report.


"The biggest change comes with the identification and analysis of
such a vast array of unique malware tools and capabilities that are all
interrelated," he told the E-Commerce Times.






Ever Present Threat

Hacking groups are spawning because hacking is effective in cybercrime and cyber espionage.


Revelation of the activities conducted by the Lazarus Group is proof
of the growing problem, according to Ben Johnson, chief security
strategist at Carbon Black.


"The big reveal that the Lazarus Group exists does not increase or
change the current state of the threat landscape. It underscores that
there are many other groups like this one that are acting with the
intent to exfiltrate valuable data from an organization, potentially pin
their attack on another group or country and act in accordance with
whatever code they have set forth," he told the E-Commerce Times.


The details the report provides do little to change the malware
landscape, noted Jeff Reingold, co-founder of Panurgy. All
that's new are reported details of the multiyear efforts and
investigation by Novetta and others to gain more detail into who was
behind the Sony Pictures attack, the specific malware code and
techniques used.


"While the results of the investigation may help make a dent in the
possible further damage that could be done by Lazarus or others using
those same malware tools, it does not change the landscape much
regarding ongoing and future attacks aimed at data theft and/or
destruction," he told the E-Commerce Times.






What To Do About It

A good defense and a strong offense are both tactics for continuing to counter malware organizations.


The Operation Blockbuster report suggests that the Lazarus Group is a
formidable threat actor capable of causing reputational and operational
harm, noted Norman Comstock, researcher for the Berkeley Research Group.


It accomplishes this "by exfiltrating and leaking data, impairing
system availability or recoverability with great patience and
obfuscation," he told the E-Commerce Times.


A full-frontal counterattack across borders poses many risks, noted Nathan Wenzler, executive director of security at Thycotic.


Dealing with a politically volatile group makes it difficult for
cyberattack victims to do anything directly without it being seen as an
act of aggression or even an act of war, he told the E-Commerce Times.


"Barring that, however, there are many defensive measures that
corporations and government agencies should be implementing in order to
defeat the types of attacks coming out of this group," Wenzler said.