08 June 2012

Flame malware is very like Stuxnet and Duqu before it

Weaponised malware – a term first used to describe Stuxnet – is a rising trend, with Stuxnet, Duqu and now Flame, according to enterprise key and certificate management specialist Venafi.

"This is not the end; it is the beginning," warns Venafi's CEO Jeff Hudson.

"If organisations do not have an automated [certificate] management system in place, the likelihood of a catastrophic event is very high," he continues.

"Also, when the event occurs, recovery and remediation will take a very long time. Just like you need to manage and keep software up to date, you need to do the same thing with certificates."

Hudson points to a steady stream of compromises of third-party trust providers and the instruments they provide. He cites RSA, Comodo, StartSSL, DigiNotar, Verisign and now, with Flame, Microsoft. No one is safe, he insists.

"If you hear someone talk about how they know what they are doing and have taken precautions so that they won't be compromised, run the other way," advises Hudson. "They are in denial or worse. These are very high value targets and the compromises will continue. I chuckle when I think about how so many said that the RSA compromise was an isolated incident."

Hudson also makes the point that the term 'weaponised' was coined for a reason: this new level of malware translates to physical damage, and is highly likely to have been developed by nation states to engage in cyber warfare.

"The interesting thing about nation-state developed weapons is that once developed and deployed, they find their way into the hands of non-nation state actors... The attack vectors brought to you by weaponised malware are, with certainty, going to be employed by criminals to steal money, intellectual property, and anything else of value."

"From the many conversations I have with CIOs and CISOs in the industry, their understanding of this issue and their commitment to fixing this problem is similar to their thinking on software updates and patches a long time ago. The attitude can be characterised as poor understanding, non-committed to act, ambivalence and dereliction in an important duty," comments Hudson.

Author
Brian Tinham

This material is protected by Findlay Media copyright