Windows versus Sourgum

(by Carlo Mauceli)
26/07/21

It is Saturday 17 July 2021 and, together with Alessandro Rugolo, Danilo Mancinone, Giorgio Giacinto and their respective families, we are near Dorgali, a small town in the heart of Barbagia, for a cheerful Sardinian lunch.

“Carlo, this week my Windows made two updates at two different times. How come? Have you released any specific patches or new features?” Danilo, Alessandro and Giorgio ask me in unison between a plate of culurgiones and a cut of mutton.

You can imagine the look on my face when faced with this question...

So, after a good glass of cannonau, I put on my best Alberto Angela impression and started talking about sorghum, an annual herbaceous plant belonging to the grass family. In particular, it is the fifth most important cereal, after maize, rice, wheat and barley. The sorghum plant, similar to that of corn, can reach up to two meters in height.

Sourgum, however (from the Latin “Sorghum”?), is the name assigned by Microsoft to a group belonging to the so-called PSOAs, “Private Sector Offensive Actors”, i.e. private sector companies that produce and sell cyber weapons.

This is an extremely dangerous new threat to consumers, businesses of all sizes and governments.

Sourgum is believed to be an Israel-based private sector offensive actor, and Microsoft, thanks to close cooperation with Citizen Lab, identified the group as a company called Candiru, known for selling hacking tools and spyware.

The business of Sourgum is to sell cyber weapons that allow its customers, often government agencies around the world, to hack computers, phones, network infrastructure and internet-connected devices. These agencies then choose who to target and run the actual operations themselves. In short, a genuine arms trade.

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC), after weeks of analysis and research, have taken steps to disable these cyber weapons, which have been used in targeted attacks on politicians, human rights activists, journalists, academics, embassy employees and political dissidents. To limit these attacks, two main actions were taken:

  • First, protections against the unique malware created by Sourgum were built; these protections were then shared with the security community so that anyone can be protected, both proactively and reactively.
  • Second, a software update was released that promptly protects customers using Windows from the exploits that Sourgum was using to deliver its malware.

The activities, as mentioned, lasted weeks, during which the malware was examined, its functioning documented and the protections able to detect and neutralize it developed.

The malware was named DevilsTongue, and all technical information for customers and the security community is available at this link.

DevilsTongue was delivered to the victims' computers through a chain of exploits affecting the most popular browsers and the Windows operating system.

That's why, dear Danilo, Alessandro and Giorgio, during the past week Microsoft released the updates needed to protect Windows against the two important Sourgum exploits.

The protections released this week will prevent Sourgum's tools from running on already infected computers and will prevent new infections on updated computers running Microsoft Defender Antivirus, as well as on those using Microsoft Defender for Endpoint.

This activity, as has happened in the past for other actors, is part of the wider legal, technical and advocacy work that Microsoft and other companies operating in the field of information security undertake to address the dangers posed by PSOAs.

However, what has been told here is only the tip of the iceberg of a phenomenon that risks spreading like wildfire and having devastating effects, following in the wake of Stuxnet, WannaCry and the many other pieces of malware developed over the years that today go under the name of nation-state attacks.

It is clear that the sale of this malware, real cyber weapons, by private companies, as mentioned above, increases the risk that the weapons themselves fall into the wrong hands and threaten the society in which we live, to the point of undermining human rights.

This is why actions are multiplying to curb this growth and to defend the interests of companies, citizens and states against cyber attacks.

In this sense, Microsoft, together with several other companies such as Google, Cisco, VMware and LinkedIn, filed an amicus brief in support of a lawsuit brought by WhatsApp against the Israeli intelligence firm NSO Group, accusing the company of using a hidden vulnerability in the messaging app to hack at least 1,400 devices, some of which belonged to journalists and human rights activists.

NSO develops its "Pegasus" spyware and sells access to it to governments, allowing its nation-state customers to stealthily target and hack their targets' devices. Spyware like Pegasus can track a victim's location, read their messages and listen to their calls, steal photos and files, and exfiltrate private information from the device. The spyware is often installed by tricking a target into opening a malicious link, or sometimes by exploiting previously unknown vulnerabilities in apps or phones to silently infect victims.

All this shows even more starkly how the cyber threat has become a real business, and how we are increasingly moving from the concept of cyber attack to that of cyber warfare, just as, more and more often, the attackers' targets have become the critical infrastructures of states.

In such a scenario, I think the words of Tom Burt, head of security and customer trust at Microsoft, carry a lot of weight:

"Private companies should remain liable when they use their cyber surveillance tools to break the law, or knowingly allow them to be used for such purposes, regardless of who their customers are or what they are trying to achieve".

"We hope that joining our competitors through this amicus brief will help protect our collective customers and the global digital ecosystem from more indiscriminate attacks."

The equation cybersecurity = partnership is increasingly true.

To learn more:

Sorghum vulgare - Wikipedia

Geneva-Dialogue-Baseline-study-Role-of-Private-Sector.pdf (genevadialogue.ch)

Citizen Lab

Candiru

Israeli spyware firm Candiru hacked journalists and activists - report - YouTube

Microsoft Threat Intelligence Center Archives - Microsoft On the Issues

MSRC - Microsoft Security Response Center

DevilsTongue Spyware: the New Malware That Targets Windows Zero-Day Flaws (heimdalsecurity.com)

Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware | Microsoft Security Blog

Stuxnet: The Most Dangerous Virus in History eBook: Editions, Psyché: Amazon.co.uk: Kindle Store

WannaCry ransomware: everything you need to know | Kaspersky

Microsoft - Google v Oracle Amicus Brief_for filing (5) .pdf (supremecourt.gov)

NSO GROUP - Cyber intelligence for global security and stability

https://www.agendadigitale.eu/sicurezza/cyber-warfare-tecniche-obiettivi-e-strategie-dietro-gli-attacchi-state-sponsored/

https://www.google.it/amp/s/it.insideover.com/guerra/cyberwar-e-sicurezza-informatica-ecco-cosa-ce-da-sapere.html/amp/

https://www.cybersecurity360.it/nuove-minacce/guerra-cibernetica-cyberwarfare-cose-presente-e-futuro-casi-famosi/

https://www.cybersecurity360.it/nuove-minacce/dal-concetto-di-cyber-attack-al-cyberwarfare-luso-della-forza-in-ambito-cyber/

Paper-Apr-2012_Cyberweapons.pdf (strategicstudies.it)

https://www.zerounoweb.it/techtarget/searchsecurity/levoluzione-delle-cyber-weapons/

https://www.google.it/amp/s/www.ilsussidiario.net/news/il-caso-quelle-armi-low-cost-capaci-di-colpire-una-nazione/1925309/amp/

Google and other companies join Microsoft to oppose the NSO Group (ispazio.net)

Pegasus: the spyware technology that threatens democracy - video | News | The Guardian
