How a Scanner Infected Corporate Systems and Stole Data: Beware Trojan Peripherals

By | July 10, 2014

Advanced_persistent_threat_lifecycle A new form of highly targeted cyber attack patently demonstrates the shift in malware sophistication and motivation and I cover all the details. Annoying hacker pranks done for fun and sport have been supplanted by sophisticated, multi-stage software systems designed for espionage and profit. The new attack, discovered by TrapX, a developer of security software formerly known as CyberSense, is one of an increasingly common genre known as an Advanced Persistent Threat (APT) of the type that stole debit card numbers from Target or sensitive data and login credentials from any number of companies. What makes this recent attack noteworthy isn’t its basic design, operation or targets, but means of initial delivery: contaminated firmware on a type of industrial barcode scanner commonly used in the shipping and logistics industry. Similar to the technique used to introduce the infamous Stuxnet worm that took out Iranian centrifuges and managed to penetrate ostensibly highly secure networks via ordinary USB thumb drives, the so-called Zombie Zero worm invaded corporate data centers through a back door.

In this column I outline details of the exploit, explain how it’s both similar to other APTs but with a worrisome new wrinkle and place it in the context of other cyber attacks.

We appear to have entered a dangerous new era in cyber crime and espionage where UL-style independent vetting of a device’s security and integrity are needed and will become the norm.