The cyber threat detection company Kaspersky Lab, maker of an anti-virus program used on millions of Windows PC computers, has uncovered a new form of malware that has been termed both advanced and massive in scope. This new cyber threat has been officially designated as Worm.Win32.Flame but is being referred to in casual parlance simply as "Flame". The purpose of Flame appears to be cyber espionage and has mainly been deployed in the Middle East region, with its targets being networks and systems under the control of the national governments there. To date, targets appear to include nations such as Iran, Sudan, Syria, Lebanon, Egypt, and Saudi Arabia.
There have been nearly 400 attacks carried out by Flame so far, approximately 50% have been directed against specific computer sites based in Iran.
However, the technological developments underlying Flame could potentially be used against business interests as well. The malware is designed to carry out a number of illicit actions on targeted computers including displaying the contents of hard drives and other storage systems; harvesting information about systems so that further intrusions and attacks can be coordinated; and stealing stored files including email messages and audio and video files.
According to Alex Gostev, the chief security expert at Kaspersky Lab, Flame is "one of the most complex threats ever discovered. It's big and incredibly sophisticated. It pretty much redefines the notion of cyber war and cyber espionage." In its ability to incapacitate systems, it resembles other recent threats such as Duqu and Stuxnet, reminding businesses of the importance of IT support.
"From the initial analysis, it looks like the creators of Flame are simply looking for any kind of intelligence - e-mails, documents, messages, discussions inside sensitive locations, pretty much everything," continued Gostev. "We have not seen any specific signs indicating a particular target such as the energy industry, making us believe it's a complete attack toolkit designed for general cyber-espionage purposes."
This general nature of the malware makes it more likely that it could be turned against business interests as well as government sites. Even if Flame itself is never used in this way, other hackers are sure to study it in order to adapt its techniques to more prosaic targets. It is particularly important that small and medium-sized businesses protect themselves against the evolving threat environment. One of the best ways is to organize IT services around a managed programs model so that on-site support is available on a regular basis.