Startup Targets The Attackers Behind The APT

Former McAfee execs in new stealth venture will demonstrate an APT-type targeted attack against a smartphone at RSA Conference

RSA CONFERENCE 2012 -- San Francisco, Calif. -- A former McAfee executive who spearheaded much of the security firms advanced persistent threat (APT) research will demonstrate here tomorrow a targeted attack against a smartphone that uses an exploit created by his new startup.
Dmitri Alperovitch, who is CTO of CrowdStrike, a company still in stealth mode that he co-founded with former McAfee CTO and EVP George Kurtz, will show an exploit his team built using malware from an infamous Chinese remote access tool (RAT) used by APT-type attackers. The attack basically spies on and stalks an Android smartphone users calls, physical location, apps, and data.
We are trying to highlight that adversaries are going to do the same thing they do on a PC -- and repeating it on a mobile device, says George Kurtz, who is president and CEO of CrowdStrike. A smartphone is always on, its always with me, and it has voice, video, phone, a connection to my network, and my sensitive documents. Its always connected, and always has power. Its the ultimate spying tool if you can commandeer it.
Alperovitch and CrowdStrikes Adam Meyers, the former director of cybersecurity intelligence for SRA International, took a piece of Android malware generated by the RAT and reverse-engineered it to create their own RAT for the attack. In one fell swoop we commandeered a RAT, Alperovitch says. And we built our own command-and-control infrastructure for it.
The attack works like this: The attacker sends a phishing SMS message to the victims smartphone, purporting to be from his mobile provider and saying its time to renew his data plan by clicking an included URL. Once the victim clicks on the URL to renew his service, the phone is infected and the attacker gains root access to the smartphone, allowing it to bypass the app permissions step in the Android. It drops the RAT tool and starts the process of snooping on the user via his smartphone.
The attack uses a weaponized vulnerability in Webkit as well, and the RAT to gather GPS data and potentially record phone conversations. Its an end-to-end mobile attack, Alperovitch says.
Alperovitch concedes that the attack was no small feat. The researchers also wrote their own shellcode on the phone; overall, it took about three weeks of reverse-engineering and exploit-writing to execute the attack just for the Android. Such an attack model could be used against any Webkit-based phones, including iOS, according to CrowdStrike.
This is the way attacks have been operating in the PC world for a decade. Its probably already happening in mobile, but we dont have visibility in it because the apps cant see that deeply. We dont know the full scope of the situation, Alperovitch says.
CrowdStrike is focused on the attackers behind targeted attacks and, according to Kurtz, will use big data technologies to help businesses and governments protect their intellectual property from APTs. The company will drill down on the attributes and tactics of the attackers.
CrowdStrike
recently secured $26 million in Series A funding.
You have an adversary problem, not a malware problem in these attacks, Alperovitch says. We were getting frustrated about the industrys way of solving the problem. It is looking at a gun or bullet as opposed to the shooter.
The key is to make it more costly for that human being sitting behind the exfiltration stage of the hack, Kurtz says.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ Officials confirm the government is prepared for the cybersecurity deadline. ◂ Discovered: 06/01/2025 Category: security	▸ The Pentagons lesson on insider threats for businesses. ◂ Discovered: 06/01/2025 Category: security	▸ Authorities affirm agencies are on course to adopt CyberScope. ◂ Discovered: 06/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Startup Targets The Attackers Behind The APT