IT Insights

Beware of Government-Grade Malware – Especially from Hackers

Thanks to Edward Snowden’s revelations concerning the National Security Agency’s (NSA) questionable online practices, we now know that there are ways that we can be watched by others and not even know about it. But what’s really scary is that malware exists that can accomplish this same goal.

According to new research from Sentinel Labs, there are variants of malware out there that can remain undetected by computer users for long periods of time. This is being called “government-grade” malware, and it could be devastating if it wound up in the hands of hackers. By taking advantage of this technology, hackers can conceal their rootkits and ransomware, making them much more difficult to detect and remove.

One such occurrence has already surfaced. The malware, called Gyges, was discovered this March by Sentinel Labs Research Lab. Gyges was likely developed originally for government espionage, but it has been altered and transformed into the average computer user’s worst nightmare. The malware originated in Russia, and is practically invisible. Sentinel Labs isn’t surprised that this malware has been taken advantage of by hackers, and neither should you – they will do whatever it takes to commit their atrocities, and anything that makes doing it easier will be in high demand for them.

Gyges, according to Sentinel Labs, uses “sophisticated anti-tampering and anti-detection techniques,” which allow the malware to remain undetected and undisturbed while infecting its target. Unlike other types of malware, Gyges waits until the user is inactive, making it immune to popular sandbox-based security tools. Additionally, Gyges uses anti-debugging and anti-reverse engineering defenses, essentially guaranteeing that it accomplishes its goal (i.e. infecting your computer).

The world is still on edge about CryptoLocker and GameOver Zeus, and Gyges may have been involved with the spread of this ransomware. Gyges can be attached to other malware, making that malicious code more difficult to detect. Another popular theory is that Gyges acts as a carrier for other attacks: it is simply a medium that ensures the other malware gets its job done properly. The carrier is used to inject the code into a system, which then allows malicious activity to happen without detection.

On the business end of this malware monstrosity, it offers a better return on investment than normal malware can. Since it is more likely to infiltrate systems and remain undetected than other, less sophisticated malware, attaching Gyges greatly increases the chances that ordinary malware will operate as its authors intend.

If you are concerned about the security of your system (which you should be), let Sabio Information Technologies help you with our Unified Threat Management (UTM) solution. We’ll build up your defenses and do what we can to keep your network secure. With all of the vulnerabilities and advanced malware being introduced to the world, it’s the best option to keep your business safe and away from harm.