Professional Malware is Evolving to Include Psychological Warfare

Professional malware is a powerful tool and is now being leveraged as a means of psychological warfare against nation-state targets.  Recently, operators in Iranian nuclear facilities experienced a not-so-subtle sign of infection.  According to an unconfirmed report from F-Secure, a Finnish security company, workers were disrupted by malware which maximized the volume on computers late at night and then played AC/DC’s Thunderstruck.  If true, this represents a radical change in the behavior of elite-class malware.

Nations across the globe, in pursuit of political goals, are developing sophisticated offensive cyber tools which can augment more traditional types of operations.  Iranian nuclear facilities have been targeted with malware before, disrupting operations and gathering intelligence.  The quality of the code, the complexity of how vulnerabilities are being exploited, and the likely inclusion of human resources all point to a professional sponsor, likely that of a government.  In response, Iran has instituted additional controls, including isolating networks to bolster security.

What is interesting about this recent music playing incident is how overt it is.

Most professional malware embraces stealth, both in delivery and execution.  Worm and virus writers want to successfully access victim systems without detection.  Stealth offers the best opportunities to use compromised systems as a foothold for further attacks, steal information, and subvert operations.  Some of the most sophisticated malware has embedded logic which detects when it might be under observation or being analyzed, with a quick response of self-deactivation and deletion.  It is better to self-destruct than be detected or give the target an opportunity to peek at the instructions, architecture, and design.  This strategy of malware design reinforces the saturation, persistence, and overall potential to compromise confidentiality, integrity, and availability of systems and services of the targeted environment.

Tapping into the psyche of victims is not new for uncomplicated malware.  For some time, viruses, worms, trojans, and the like have taken advantage of the minds and emotions of their victims.
• Luring people to open an email, file, or visit a malicious website through the use of tantalizing or scandalous subject titles 
• Trapping files and holding them for ransom or threatening to forward them to authorities
• Affecting system performance or availability, then offering a fix or protection for a price
• Soliciting money because of a personal crisis or under the guise of global disaster relief
• Making ‘too-good-to-be-true’ offers to gullible audiences
Although these methods are still successful, they represent only a basic level of strategic planning.  They are in fact simple and direct, have little concern for being covert, and are not part of a larger scheme.

So why would professional malware writers design their code to announce itself in such an unmistakable way and give up the element of stealth?  The answer might be found in the goals of psychological warfare.  The Thunderstruck incident is different and I suspect is part of a larger more complex operation.  Openly broadcasting a rock anthem has a certain amount of flair and panache.  Looking beyond the excellent choice in music, it is a bold message which can affect workers and government in many different ways.

The attacker’s overall objective may be to cause dissension and mistrust.  First, given all the work to protect the systems, it is demoralizing to have such an open breach, the news of which cannot be easily suppressed.  Employees’ concerns about the competency of the administration may grow.  Secondly, this is a message to those defending the facilities.  In essence, it says: we can affect you in ways you may not understand, even when you do your best to protect the systems.  Thirdly and most importantly, it fosters an environment of mistrust.  Knowing that someone on the inside is likely assisting the attacks makes everyone wary and suspicious of each other.  It also naturally weighs against faith in superiors being able to maintain control of an escalating situation.  Under these circumstances, stress levels increase dramatically.  It becomes very difficult to accomplish precise work at a rapid pace.  This may be the real goal of the larger strategy.  Advanced malware is just one tool of the plan.

The world of malicious software is constantly changing, evolving, and innovating.  We may be witnessing a new era in professional malware writers expanding into a higher domain of psychological operations.  Some would say, it was just a matter of time.

Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.