Skip to content

No News Isn’t Necessarily Good News

May 1, 2011

It was reported early this week that Brigadier Gen. Gholam Reza Jalali, the head of Iran’s Passive Defense Organization made a statement that the country’s infrastructure had been the subject of a second serious cyber attack.  This time, the culprit wasn’t Stuxnet – but an advanced persistent virus called Stars.

At the time of writing, there has been no independent verification of Stars through the traditional channels that feed malware back to security vendors and analysts.  Nothing more has been heard from Iranian officials since their original statement over the Easter weekend.

This has lead some to question the validity of the Iranian’s claims. I would, however, advise caution.  As anybody that has experienced a breach will tell you, unless you have the right tools to capture, correlate and analyze the huge volume of security-related data spread across a large distributed network in a range of different formats – events, asset data, system configuration changes, network traffic, and others – it can take days to figure out even the basic details of a breach.  This makes answering questions such as why, when and what the target of the attack was almost impossible.

It’s also possible that the Iranians could be dealing with an ongoing incident – their attention could still focused on repelling the attack.  They’re not called Advanced Persistent Threats without good reason.

We’ll likely have additional commentary on this issue as more information is discovered.  Stay tuned…

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: