Google: Brickstorm Malware Steals U.S. Organizations’ Data for Over a Year

johny899

Google has shared some shocking information: malware named Brickstorm was pilfering data from U.S. organizations for more than a year. That's right, hackers had access to the systems for well over a year and nobody noticed.

What exactly is Brickstorm?

Brickstorm is classified as a type of espionage malware. Unlike ransomware, which locks up files and demands a ransom to give your files back, or a ransom for each file, Brickstorm quietly escalates and moves with stealth. The malware enters systems, hides, and then slowly and quietly steals important or sensitive information.

Why is this any scarier, you ask? Typically, by the time you learn of stealthy malware, the damage has already been done.

So who is Brickstorm attacking?

According to Google, the hacks were primarily directed at U.S. government, non-profit and other important organizations. These are the types of organizations that hold a lot of sensitive information.

What is most surprising? The malware was active for more than a year. In other words:

• Hackers had intelligence and knowledge
• Victims had no idea it occurred.

What does Brickstorm do?

Brickstorm uses different tactics and techniques that are undetectable, such as:

• Custom loaders that are used to stealthily deliver malware
• Backdoors that are opened so the hackers can return at any time they wish
• Configurations to exfiltrate files quietly
• Persistence mechanisms that are designed to keep the malware in place through a reboot

How to make sure you are safe

So how do we protect ourselves from some of these types of attacks? Here are some straightforward steps:

• Keep your software updated to patch vulnerabilities.
• Use multi-factor authentication (MFA) so that if your password is stolen it is useless.
• Look at your network regularly and check for unusual or suspicious activity.
• Train your staff to recognize phishing and to avoid clicking on bad links.

The conclusion

In conclusion, Brickstorm is malware used to steal data from U.S. organizations for at least a year, all while remaining undetected. Not all hackers are loud, and some like to take their time to lurk and steal data.

My recommendation is, "act as if hackers are always knocking on the door and work to fortify your defenses because if a hacker can remain undetected for an entire year, you need to monitor on a daily basis."
 