Researchers this week revealed the discovery of computer malware so sophisticated that it managed to hide undetected within enterprise and government computers for five years.
Named after an omnipotent Lord of the Rings character, Project Sauron is an unusually well crafted piece of software. Once installed, it lives entirely in computer memory, leaving no predictable trail of server domain names or IP addresses. It can even infect "air gapped" computers not granted access to the network. Then it simply lies dormant, a sleeper cell of sorts, awaiting further instruction.
Sauron has been siphoning information from some of the world’s most fortified networks in Russia, China, Belgium, Iran and Sweden since 2011. And that makes researchers very nervous they can’t keep any digital data safe from determined actors.
The malware was first discovered by researchers at Kaspersky Labs and Symantec when a client asked about a superfluous program that seemed to run with each new log-in. Sauron was masquerading as a simple Windows password filter yet it recoded passwords, cryptographic keys, configuration files and IP addresses in plain text.
In a detailed report the analysts noted 50 modules of the same strain had infected at least 37 organizations in government, telecommunications, financial services and elite research facilities. Many authorities fear that is just the tip of the iceberg.
Given the targets, level of sophistication and nature of the data taken, the expert opinion is that Sauron is an espionage service of a state-sponsored actor.
According to research firm Gartner (IT), the market for cyber security software and services is now about $75 billion. While it expects the market will reach $170 billion by 2020, the major players have been rocked by growing expenses and a series of high profile hacks. Cyber security seems to be one of the few sectors where bad actors are winning.
When a new piece of malware like Sauron is discovered, the natural inclination is to look to researchers for a solution. We’re trained to have faith the good guys will fix everything. That isn’t always the case in cyber security. The bad guys often have more resources. This is especially true when they are state sponsored. Protecting digital data in that brave new world is difficult.
It’s too early to tell who is behind Sauron. It’s not too early to understand they are playing on a different level. I'm not yet ready to recommend shares of a cyber-security software firm, as margins are under pressure still, but it could come in the next few months.
