WALTHAM, Mass. (February 4, 2013) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today announced that its Cyber Counter-Intelligence Research Lab has successfully detected a “Red October” malware attack within 90 seconds of infection of a victim system via CounterTack’s Stateful Compromise Indicators (SCIs).
“Red October,” the notorious, highly organized cyber espionage campaign first investigated and reported by Kaspersky Labs, has infiltrated the networks of governments and enterprises in numerous regions, particularly Eastern Europe, former states of the Soviet Union and Asia, largely targeting sensitive government, diplomatic and scientific research information. Beginning in 2007, many Red October campaign components went undetected by anti-virus programs for months and even years after infection.
“Through the use of armoring techniques, which focus on evading and silently disabling host-based security systems, the Red October campaign operated undetected for several years by simply re-purposing the same crimeware tools over and over again,” said Sean Bodmer, chief researcher, counter-exploitation intelligence, CounterTack. “Today’s cyber battle is not only against the advanced crimeware itself, but also against the evasion and exploit techniques employed by the sophisticated architects behind these tools. The Red October campaign sheds light on a larger underlying issue: the widening detection gap, which is being driven by attacker innovations such as armoring.”
Through the expanded usage of next-generation honeynets, CounterTack is poised to deliver a series of innovations aimed at closing the detection gap. Over the next month and at the upcoming 2013 RSA Conference in San Francisco, Calif., CounterTack (booth #2533) will unveil:
- The most recent findings from CounterTack’s Cyber Counter-Intelligence Research Lab – including the successful detection of Red October malware and other targeted attacks;
- Newly patented technology that enables monitoring from deep within the operating systems of actual production assets to detect previously undetectable attacks;
- Two new, game-changing solutions focused on deep system inspection and new Stateful Compromise Indicators, purpose-built to narrow today’s existing detection gap.