A new malware threat group, called BlackEnergy, has been gaining momentum over the last week. Its attacks are widespread and growing across Europe, the Middle East, Asia and the US, impacting Linux systems, Cisco hardware and industrial controls like Windows SCADA.
Ken Bechtel, malware research analyst at Tenable, has issued the following warning:
"Companies that are not actively monitoring network traffic may not be able to identify BlackEnergy malware in a timely manner. Since routers are neither protected from malware nor routinely scanned, compromising them puts attackers in the catbird seat, granting large-scale visibility into the network and plenty of time to scout network defences before selecting a target.
"In this scenario, the initiative rests completely with the attackers, so traditional network defences are not enough to detect and remediate the threat. Continuous monitoring can help companies reduce the attack surface by specifically looking for abnormal activity originating in routers."