By Victoria James
In a similar way to its malware predecessors Stuxnet and Duqu, Flame is employed in a targeted manner and can work undetected by most security software thanks to its rootkit functionality. Once a system is infected, Flame can spread and attack other systems via a local network or USB stick. It can record audio, screenshots, keyboard activity and network traffic, as well as Skype conversations.
The data Flame collects is sent on to one of several command and control servers scattered around the world; Flame then waits for further instructions from these servers, remaining in a latent state during this time.
The main difference between Flame and Stuxnet (whose purpose is to attack industrial processes) is that Flame’s role is cyber-espionage – it’s not intended to damage the equipment it attacks. It even supports a kill command which wipes all traces of the malware from the computer. The initial infections of Flame stopped operating after its public exposure. The originators of the virus sent the kill command to wipe away the evidence of their work.
Information on how the malware spreads is not yet public, but it is well known that previous high-level malware attacks, such as Stuxnet, were delivered via highly targeted spear-phishing, intended to encourage the recipient to transfer the program to a USB stick and introduce it to the targeted system.
With this threat in mind, industry should consider whether the time has come to address the security issues presented by USB sticks. These include the frequent loss of data stored on unencrypted consumer-style portable memory as well as viral and malware attacks.
Consumer memory devices may increase the risk of data theft, as well as misuse by company employees. Using a work USB stick in unsecured environments, like a personal PC, adds to the threat of infection with malware such as Flame. The employee then plugs the USB stick into the office network, easily allowing the virus to access all other systems and collect information from the entire company.
However, a unique form factor deters malicious use of the device and prevents most unauthorised data transfer. Specialised memory devices help protect the host system from malicious files and offer a new potential revenue stream when an OEM becomes the exclusive source of new and replacement keys or tokens.
The increasing threat of cyber espionage and industrial viruses should be reason enough for us all to invest time in a robust malware protection plan. Yet, as viruses become more sophisticated, the best preventative solution for businesses lies in the quality of hardware they use. In this context, it may be that Flame, Stuxnet and its successor Duqu mark the end of the USB stick and the rise of specialised, secure industrial memory devices.
About the author
Former Vodafone and Samsung marketing expert Victoria James joined Nexus GB, the UK, Ireland and Scandinavian partner of memory specialist Datakey Electronics, as marketing and PR director in 2009. Victoria’s focus is on communicating to design engineers the benefits of using specialist industrial memory. Nexus’ memory solutions are more rugged, scalable and long-lasting than commercially available alternatives, such as memory cards and USB sticks. Crucially, they are also available for the lifespan of an OEM’s product, unlike consumer alternatives which are normally withdrawn as obsolete relatively quickly.
About Nexus GB
Established in 1986, Nexus GB is Datakey Electronics’ exclusive distributor in the UK, Ireland and Scandinavia for portable, rugged keys and tokens containing non-volatile memory. These reliable and re-programmable items provide data transport, security, and access control solutions even in extreme environments where other methods, such as USB memory, would not survive. Furthermore, distinct from consumer-like memory solutions, they are a well-established product that will not become obsolete as technology progresses. As a result, they are commonly used by design engineers working on long-term projects, with more than three million units currently in UK service.