
Damballa finds tools related to the malware that hit Sony

Discussion in 'CSO' started by RSS, Nov 19, 2015.

  1. RSS


    Security company Damballa said it has found two utilities that are closely related to capabilities seen in the destructive malware that hit Sony Pictures Entertainment last year.

    The utilities were discovered as Damballa was investigating a new version of the "Destover" malware, which rendered thousands of computers unusable at Sony after attackers stole gigabytes of sensitive company information.

    One key question in the Sony breach is how the attackers were able to evade security systems. What Damballa found are two utilities that help mask new files introduced to a system.


    "Both utilities would be used during an attack to evade detection while moving laterally through a network to broaden the attack surface," wrote senior threat researchers Willis McDonald and Loucif Kharouni, in a blog post on Wednesday.
