Tuesday, December 23, 2014

Covert Listening Threats even worse than recent hacking attempts

Over the past few weeks we have been researching data from various audits on the east coast. We are noting a large increase in the identification, location and disabling of covert listening devices. In the month of November alone we have discovered 14 separate listening devices at 7 different companies. We have also noticed some similarities between the various devices that have been located.

1. In several of the cases there were multiple listening devices in the same area. We believe this is being done so that if the primary is found the backup may continue to provide useful information to the attackers.

2. Fax machines are being heavily targeted at many businesses. We have been able to locate stolen documents in 4 of the cases out of the 14 being researched.

3. Ultrasonic devices are being used to avoid detection.

4. Networks are also being attacked with malware reporting back to 194.165.134.66. These IPs are also attempting to attack SMTP servers to verify accounts at these same organizations. This was determined through log file analysis.

5. 1 of the 14 companies is a major US Military Contractor.

These are the findings for November. We are still seeing covert listening devices in December, and the numbers this month, even with the holiday breaks, are much higher than November, so we are alerting companies to look for traffic to this host and to call us if they have identified any. We would like to look for accompanying planted devices to see if this pattern remains. Only 1 of the 14 entities was not bugged, or we did not locate any devices during the sweep.

SLC Security customers: please read bulletin 2014-141 for additional information on the network IOCs and signal identification notations for these 14 locations.
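
The log review asked for above can be scripted. The following is an added example, not code from the original post or from SLC Security: it flags internal hosts with outbound connections to the host in finding 4 and lists remote IPs whose SMTP recipients were repeatedly rejected as unknown. The iptables-style and Postfix-style log formats, the sample lines, the function names and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

IOC_HOST = "194.165.134.66"  # host named in finding 4 of the post
PROBE_THRESHOLD = 3          # assumed: distinct rejected recipients before flagging

# Constructed sample lines (iptables-style firewall log, Postfix-style mail log).
SAMPLE_LOG = """\
Dec 22 09:14:02 fw kernel: OUT=eth0 SRC=10.0.4.17 DST=194.165.134.66 PROTO=TCP SPT=49211 DPT=443
Dec 22 09:14:05 fw kernel: OUT=eth0 SRC=10.0.4.22 DST=198.51.100.9 PROTO=TCP SPT=50112 DPT=80
Dec 22 09:20:41 fw kernel: OUT=eth0 SRC=10.0.4.17 DST=194.165.134.66 PROTO=TCP SPT=49230 DPT=443
Dec 22 10:01:11 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[194.165.134.66]: 550 5.1.1 <jsmith@example.com>: User unknown
Dec 22 10:01:12 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[194.165.134.66]: 550 5.1.1 <accounting@example.com>: User unknown
Dec 22 10:01:13 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[194.165.134.66]: 550 5.1.1 <JSmith@example.com>: User unknown
Dec 22 10:01:14 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[194.165.134.66]: 550 5.1.1 <ceo@example.com>: User unknown
Dec 22 11:30:00 mx postfix/smtpd[902]: NOQUEUE: reject: RCPT from unknown[203.0.113.8]: 550 5.1.1 <sales@example.com>: User unknown
"""

FW_RE = re.compile(r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+)")
RCPT_RE = re.compile(r"reject: RCPT from \S*\[(?P<ip>[\d.]+)\]: 550 \S+ <(?P<rcpt>[^>]+)>")

def beaconing_hosts(log, ioc=IOC_HOST):
    """Map each internal source to its count of outbound connections to the IOC host."""
    hits = defaultdict(int)
    for line in log.splitlines():
        m = FW_RE.search(line)
        if m and m["dst"] == ioc:  # exact match, so 194.165.134.6 would not hit
            hits[m["src"]] += 1
    return dict(hits)

def smtp_account_probes(log, threshold=PROBE_THRESHOLD):
    """Remote IPs rejected for at least `threshold` distinct unknown recipients."""
    rejected = defaultdict(set)
    for line in log.splitlines():
        m = RCPT_RE.search(line)
        if m:
            rejected[m["ip"]].add(m["rcpt"].lower())  # case-insensitive de-duplication
    return {ip: sorted(r) for ip, r in rejected.items() if len(r) >= threshold}

def correlate(log):
    """Combine both checks: hosts to examine, probing sources, and whether they overlap the IOC."""
    probes = smtp_account_probes(log)
    return {"infected_candidates": beaconing_hosts(log),
            "probing_ips": probes,
            "ioc_is_probing": IOC_HOST in probes}

if __name__ == "__main__":
    print(correlate(SAMPLE_LOG))
```

A single rejected recipient, as from 203.0.113.8 in the sample, stays below the threshold and is not reported.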
