Gauss: Cybersurveillance Aimed at Banks

Malware Attacks Prove Profitable for Hackers

October 1, 2012.
Malware and cyberespionage tools like Gauss are hitting U.S. banking institutions and businesses from all corners of the globe. But why are these sometimes not-so-sophisticated attacks causing so much damage?

Roel Schouwenberg, a senior researcher at Moscow-based Kaspersky Lab, says organizations are not placing enough emphasis on security. And with the advent of new nation-state-sponsored attacks increasingly targeting industries linked to critical infrastructure, it's time for a mindset and technology change, he says.

"A lot of companies aren't investing enough money into security," Schouwenberg says in an interview with BankInfoSecurity's Tracy Kitten (transcript below). "Some companies are suffering sabotage because of that, and their business is crippled for some period of time."

In mid-July, researchers at Kaspersky Lab discovered Gauss, a new malware cyberthreat that was targeting online banking users in the Middle East. But Schouwenberg says it's likely users throughout the world have been affected. Because so many malware attacks are aimed at U.S. business and finance, it's safe to assume, he adds, that industry in the States was affected by Gauss, too.

Gauss, a complex cyberespionage toolkit designed to steal sensitive banking data, is similar to Flame, Stuxnet and Duqu. And even though Stuxnet is believed to have been launched by the U.S. government, it did infect businesses in the U.S.

"Stuxnet was found in countries all over the world, including the United States," Schouwenberg says. "And in the United States, it was actually found within critical infrastructure."

These attacks are successfully infiltrating networks and systems because businesses have not paid much attention to cybersecurity, Schouwenberg says. Despite security experts' ongoing warnings that cyberthreats have reached a tipping point, organizations have seen little incentive to make any additional security investments or cultural changes, he says.

During this interview, Schouwenberg discusses:

  • Why nation-state attacks are on the rise;
  • Steps international governments should take to address increasing global cyberthreats;
  • Why malware is the cybersecurity world's greatest concern.

Schouwenberg serves as senior researcher for the Americas within the global research and analysis division at Kaspersky Lab, a security research firm in Moscow. He joined the company in 2004, and since 2008, he has overseen malware monitoring and analysis of cyberincidents in North America. Schouwenberg focuses on targeted attacks - including those used in cyberwarfare - and proactive technologies. He also investigates new platforms and technologies. And he's a founding member of the Anti-Malware Testing Standards Organization and serves on its board of directors.

Cyberespionage and Cybersurveillance

TRACY KITTEN: Gauss is similar to Stuxnet, Flame, and Duqu - all cyberespionage viruses used in so-called nation-state attacks. How did researchers first discover Gauss?

ROEL SCHOUWENBERG: We actually discovered Gauss because of our investigations into Flame. When we do deep-dive investigations, we go through our malware collection and try to find files that are very similar to the file that we are currently studying. So during this investigation, we found some old files that really looked like Flame. And when we analyzed them a bit deeper, we saw that these files were built on the Flame platform but were something different altogether. That is how we found Gauss.

Gauss Described

KITTEN: Why is Gauss believed to be in the same family as the other cyberespionage viruses? You noted that it looks a lot like Flame, but what about Duqu?
