The rise of cyber-attacks, especially with the sprouting Deep Web black markets, has long called for militarization of cyberspace.
Government entities work behind the scenes to form a line of defense through creating cyber armies.
Though it sounds like something geared towards the greater good and a safer web environment, government malware can easily go out of control, which carries great risks.
In most cases, highly sophisticated government malware is designed to exploit zero-day vulnerabilities and compromise its target.
What if such a powerful hack tool leaks online, and is made available in the Deep Web where anyone can acquire just about anything and everything?
You can only imagine how cybercriminals on the Deep Web, cyber terrorists, and even state-sponsored hackers can enhance it in unpredictable ways and most likely get away with it.
Furtim on the Deep Web
Cybersecurity researchers from the SentinelOne security firm have recently spotted a government-made malware that’s dubbed “Furtim” on the Deep Web.
The same strain of malware is thought to have been crucial in an attack against a European energy firm.
Worse, it is actually the parent of a previous malware strain similar to the Stuxnet virus.
The reconnaissance tool, developed by cyber-soldiers, is primarily designed for targeting critical infrastructure, and can be employed to perform a first-stage attack against an electric grid system.
It could be utilized to exfiltrate valuable data from its target systems and holds the huge potential of shutting down and crashing an entire energy grid.
This complex, sophisticated state-sponsored hacking tool was found on an online forum, despite the fact that such malware would not be typically available in Deep Web black markets.
SentinelOne Chief Security Officer Udi Shamir himself stated how strange it is to find it in a Deep Web hacking forum.
He pointed out that Furtim was born out of the significant efforts of state-sponsored hackers connected to cyber espionage operations.
The Furtim threat actor built the malware to evade common antivirus solutions.
It makes use of anti-virtualization and anti-sandbox techniques to evade the virtualized environments and sandboxes that analysts use to examine malicious code.
SentinelOne Senior Security Researcher Joseph Landry said that there are no zero-day exploits in the malware, but that it uses two known exploits instead.
Power Grid Attacks
Security experts warn that hackers are probing Western defences and have aimed at one power firm.
They plan to make use of digital weapons that can produce devastating results, as they can effectively cripple the economies of advanced countries.
Tech experts Shamir and Landry revealed that the sophisticated malware campaign uncovered by the SentinelOne Labs team from the Deep Web targeted a European energy company in particular.
Unfortunately, critical infrastructure throughout the globe remains vulnerable to cyber attacks.
Recently, the NIS Directive was passed by the EU as its first ever legislation on cybersecurity.
It establishes minimum cybersecurity requirements on operators of critical infrastructure.
Malware-based attacks have targeted critical infrastructure before.
Consider the Stuxnet virus, a computer worm which was used against Iran’s enrichment program.
Rather than merely hijacking targeted computers and obtaining information, it wreaked physical destruction through the computers it took hold of and was able to control.
Another outage is attributed to the BlackEnergy malware, which led to the takedown of a Ukrainian power grid.
Going way back to 2003, a Northeast blackout in America was the biggest in its history.
Some 50 million people lost power for about two days. The event contributed to at least 11 deaths and is thought to have cost an estimated $6 billion.
Today, the technology has evolved far beyond what it was before.
Thus, the stakes are much higher if hackers manage to bring down the power and turn the lights off in any major city.
Who’s Behind Furtim?
Upon discovery of Furtim, the SentinelOne team acted immediately and reverse engineered the code.
Based on its nature, its behavior, its level of sophistication, and the extreme measures the malware takes to avoid detection, they strongly believe that Furtim is a state-sponsored initiative that most likely originates from Eastern Europe.
Shamir confirmed that the hackers’ tool is a government item, and may have been sourced from Russian teams.
Though SentinelOne declined to be more specific and is wary of attributing attacks, so as to avoid the risk of blaming the wrong culprits, it is certain that the group behind it has the resources and skills.
The digital warfare malware is highly advanced and could not possibly have been created by anyone without the backing of government entities.