Actual Impact of ‘The Mask’ Group’s Actions Still to Come - Experts
Few days ago, probably the first week of February 2014, Kaspersky, a well-known Russian security firm, disclosed the presence of a chief cyber-espionage operation known as "The Mask" which had targeted large number of organizations in 31 countries. Softpedia.com reported the warning of experts on 11th February, 2014 stating that the actual blow of 'The Mask' group's operations which is masterminds of the Mask virus is still to follow.
The Mask group apparently consisted of Spanish language persons, who have been working behind the scenes since 2007 and have managed to embezzle insightful details like digital certificates, SSH (Secure Shell) keys and encryption keys from the computers of over 380 victims by employing the invasive 'Mask' virus.
Softpedia.com published news on 11th February, 2014 quoting Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi, as saying that their collective attempts have been recognized and closed after seven years but the actual impact is still awaited because they own thousands of certificates and keys and as a result possess the networks, applications and servers of the infringed. They can mimic websites with embezzled keys and certificates and possess root-level access with Secure Shell keys.
If the breached organizations don't fight back and modify their keys and certificates instantly then these organizations will suffer a lot, he further added.
Bocek highlights that if all these important elements like digital certificates are hijacked then it may perhaps have a immense impact on data hubs.
If business houses and governments don't get a hold on the usage of certificates and can't answer to these attacks, we might be empowering bulldozers. According to a statement published by Venafi.com on 14th February, 2014 Bocek noted that our data hubs are useless if the basic element which is digital certificates is hijacked.
The security expert concluded "We don't have technology which can replace the digital certificates and so we have to fight by demolishing the bad and start fresh otherwise the actuality Gartner highlighted of 'living in a world without trust' shall become a reality".
» SPAMfighter News - 24-02-2014