The malware, which modifies a hard drive's firmware to create hidden space where stolen data and maybe even encryption keys can be stored for later retrieval, was discovered by GReAT, the Global Research and Analysis Team, part of Moscow-based security technology developer Kaspersky Lab's Threat Research unit.
GReAT was established in 2008 to combat malware and has more than 40 security experts worldwide, according to Kaspersky. Many of its capabilities are similar to those offered by advanced research labs from other security vendors, including Symantec Research Labs and McAfee Labs.
The organization partners with international organizations to assist in investigations and countermeasures to combat malware operations, as well as with large third-party IT vendors such as Adobe, Google and Microsoft to investigate vulnerabilities.
The malware that infects hard drive firmware is only one of several recent discoveries from GReAT. Others include:
The Fanny worm: Fanny's goal is to map air-gapped networks, or those systems that cannot be reached via normal attacks because they are not connected to an outside network. Fanny works via a USB stick with a hidden storage area infected with the worm. When the USB stick is connected to an air-gapped system, it can surreptitiously collect basic system data and send it on when connected to a network. The USB stick can also carry secret commands to the air-gapped systems.
Interdiction techniques: Attackers can intercept physical goods and replace them with versions featuring malware. For instance, malware can be placed on CDs handed out at conferences that will spread the malware when used.
This article originally appeared as an exclusive on the CRN Tech News App for iOS and Windows 8.