Kaspersky Lab CEO Exposes State-Backed Duqu 2.0 Malware Attack
Eugene Kaspersky, CEO of Kaspersky Lab, has revealed a sophisticated malware attack on his company and others using a Windows Kernel vulnerability. Dubbed Duqu 2.0, the malware is believed to be state-sponsored, with strong evidence pointing to Israel.
Duqu 2.0, an advanced variant of the 2011 Duqu malware, exploited a vulnerability (CVE-2015-2360) in the Windows Kernel. Microsoft addressed this issue in its MS15-061 patch this month. The malware's code shows signs of development since its original appearance, suggesting state backing.
Security experts attribute Duqu 2.0 to state-sponsored actors. Its use in attacks on Iran nuclear negotiators in 2015 strengthens this belief. Other recent security bulletins include MS15-057 for Windows Media Player, Adobe's APSB15-11 for Flash, which addresses critical issues, and MS15-056 for Internet Explorer, which fixes 24 vulnerabilities, 20 of them critical and leading to remote code execution.
Internet Explorer has seen the most vulnerabilities this year, averaging over 20 per month. Microsoft recommends applying IE bulletins promptly to stay ahead of potential attacks. Another critical issue, MS15-059, affects all current versions of Microsoft 365, allowing attackers to take control of a target's computer through a malicious file.
Duqu 2.0's state-backed origins and advanced capabilities underscore the importance of staying up to date with security patches. Users and organizations are urged to apply the latest Microsoft and Adobe updates, including MS15-061, MS15-057, APSB15-11, MS15-056, and MS15-059, to protect against emerging threats.