Just like the kinds of viruses that cause your annual stomach trouble or flu-like symptoms, there are various types of “bugs” or malware waiting to attack your computer, website, and even web hosting hardware. Kapersky Lab reported in February 2015 about a self-destructing malware that’s making the rounds—and it has the capability to impact hard drive ware with sophisticated twists. Every since 1996, the group Equation has been tapping a plethora of malware in order to launch cyber attacks. Kapersky reports that, “The Equation group is probably one of the most sophisticated cyber attack groups in the world and they are the most advanced threat actor we have seen.”
So far, over 500 victims have been identified around the world but there are likely many more who either don’t know they’re under attack or haven’t reported it. Since Equation has created a malware that self-destructs, Kapersky notes that there are probably “tens of thousands” of victims and growing. It’s known that servers, data warehouses, domain controllers and website hosting servers have been infected. What does this mean for the website owner who relies on a web hosting service to keep their website (and company information!) safe, secure and functioning?
A Growing Problem
Kapersky reports that over 100 servers in a number of countries and 300 domains are used by Equation for control and command. Countries identified so far include the US, Colombia, Costa Rica, Czech Republic, Germany, Italy, Malaysia, the Netherlands and the UK. Of course, it’s unsurprising that the levels of spying and illegal data mining is become more complicated than ever. Just three months ago at the tail end of 2014, Regin was stumbled upon which was one of the most complex malwares at the time. According to the Symantec group, “The level of sophistication and complexity of Regin suggests that the development of this threat could have taken well-resourced teams of developers months or years to develop and maintain.” However, Equation’s malware puts Regin to shame.
Equation is known for complicated algorithms, and a minimum of six malware types have been used to ravage Windows. Some of the most commonly identified Equation malwares include grayfish, fanny, doublefantasy and triplefantasy. Of those identified so far, Grayfish is the most sophisticated. What risks your website/company face depends largely on the malware(s) being implanted by Equation during the attack. For example, Doublefantasy is a tool that figures out if a website is potentially lucrative enough to be explored—if your deemed interesting enough, Equation can effectively take control of your entire operating system.
Equation seems to particularly fancy Windows, but there has been signs that Mac versions of some Equation malware exists. Specifically, experts have identified a special code that iPhone users get when the malware is in action.
One Fish, Two Fish…
Kapersky warns web hosts and website owners that, “Grayfish is the most modern and sophisticated implant from the Equation group. It is designed to provide an effective (almost invisible) persistence mechanism, hidden storage and malicious command execution inside the Windows operating system.” Grayfish is so impressive that Kapersky guesses the “developers of the highest caliber are behind its creation.”
The good news for US-based website owners and hosts is that the US is far from being the most commonly attacked country. Instead, Equation has been focusing on Afghanistan, China, India, Iran, Mail, Pakistan and Syria. Given the target countries, Kapersky thinks a government agency like the NSA might be the brains behind Equation. Most targets are diplomatic or government groups, aerospace and nuclear research facilities, military, energy, oil and gas companies, cryptographic tech companies and Islamic activist groups.
“The ability to infect the hard drive firmware” is unique to Equation, says Kapersky. However, with hints that the US government is actually the Equation group (and they seem to be largely interested in foreign countries), it’s possible there will be minimal US targets.