Senior manager for Symantec Security Response, Orla Cox, revealed the trend during an interview with V3. "We've seen a lot of criminals developing their own version of Tor, their own peer-to-peer model recently. ZeroAccess is an example of this, where they developed their own protocol to communicate," she said.
ZeroAccess is a notorious peer-to-peer botnet believed to have enslaved 1.9 million machines during its peak. Symantec saved 500,000 ZeroAccess victims during a sinkhole operation in October 2013.
Cox said the move to peer-to-peer architectures is a reaction by cyber criminal communities to successful operations such as this sinkhole.
"They've no choice: command-and-controls are too visible, and law enforcement has got better at taking their operations down," she said. "They're closing in on the attackers so they're reacting by getting more creative and sophisticated. This isn't surprising as the guys doing this aren't amateurs, they are in this for the long haul."
She said the criminals' use of peer-to-peer technology is troubling as it makes tracking and shutting down their cyber campaigns more complex.
"[The use of peer-to-peer technologies] is not hard from a protection point of view, we can detect the traffic, the issue is taking them down. Back in the day we could go to a hosting provider and shut them down, but peer-to-peer is really difficult, it requires months' worth of work and significant investment," she said.
Symantec is one of many security firms to warn that criminals are developing new ways to hide their campaigns and activities from law enforcement agencies and security providers.
Kaspersky Lab researchers uncovered evidence in March suggesting criminals plan to release a new wave of advanced cyber attack campaigns using the anonymising Tor network.