Flame is the most complex piece of malware, ever. Based on our analysis, Flame appears to act as a general-purpose spying tool, ideally designed for cyber espionage and stealing all types of information from compromised machines.
We have learnt that the capabilities of Flame are wide-reaching. Among other things, Flame can steal documents, take screenshots of users’ desktops, spread via USB drives, disable security vendor products, install spyware devices and software on your computer and install cameras and listening devices.
So far it appears that Flame is primarily targeting a few hundred organisations and individuals located in the Middle East. Organisations based in the UK are likely to be safe. However, this threat reinforces the need for enterprises to have an effective information security strategy in place, as it reminds us of the power and danger of constantly evolving threats.
There are many practical things organisations can do to protect themselves against new threats. One is to set up alerts for new threats across vendor platforms, to make sure you can be proactive in protecting your systems. By keeping up to date with the latest analysis of new threats, you can make sure you have the latest advice and proactively respond to any challenges.
We would also advise organisations that on endpoints, signature-based antivirus alone is not enough to protect against today’s threats and web-based attack toolkits.
You should instead deploy and use a comprehensive endpoint security product that includes additional layers of protection, such as:
- Endpoint intrusion prevention, which protects unpatched vulnerabilities from being exploited;
- Browser protection, for protection against obfuscated web-based attacks;
- Application control settings, which can prevent applications and browser plug-ins from downloading unauthorised malicious content.
Another good tip to help prevent data breaches through malware attacks is to implement and enforce a security policy whereby data is encrypted. This should include a data loss protection (DLP) solution, which is a system to identify, monitor and protect data at rest and on the move.
While it is important to deploy all of these security measures, you also need to educate employees. For example, they should be reminded to check the source of all USB drives they connect to their machines. It should also be reinforced that they should never click an unknown link in an e-mail, a text message, on social networks or elsewhere online.
James Hanlon is head of the Northern Region Security Practice at Symantec
This was first published in July 2012