Researchers discover new malware most likely created by nation-state attackers - expert comments
Following the SentinelOne discovery of a sophisticated malware campaign specifically targeting at least one European energy company (https://sentinelone.com/blogs/sfg-furtims-parent/) I have an automated analysis of the sample file discussed in the SentinelOne blog post from Dan Matthews, Director of Engineering at Lastline and comment from Tim Erlin, Director Security and IT Risk Strategist at Tripwire:
Dan Mathews, Director of Engineering at Lastline
"We continue to see malware authors pushing the envelope with automated malware analysis and anti-virus evasion techniques. The malware authors continually innovate by developing novel evasion techniques and also by packaging multiple stacked evasion techniques into their applications.
Detecting these evasions is quite challenging for vendors who perform detection within the same operating system where the malware runs, but because Lastline’s detection architecture is different, we are able to observe many of the anti-VM evasions described in the detailed manual analysis post at SentinelOne and properly alert on the maliciousness of this application."
Tim Erlin, Director, Security and IT Risk Strategist at Tripwire
“We’ve already seen that the industrial systems controlling the power grid can be vulnerable to cyber attacks. It’s no surprise that governments are investing in an expanding arsenal of tools to leverage these weaknesses. Protecting critical infrastructure from cyber attacks is increasingly an intrinsic part of national defense for any country.”