‘Flame’ Virus strikes Iranian networks. Is this full scale cyber-war?

In an article in the UK Telegraph, it was reported yesterday that “the virus, named Flame or Skywiper, could only have been created by a state, according to analysts who have investigated it and the pattern of infection.”  Flame, which was discovered on the heels of the Stuxnet virus that targeted Iranian uranium enrichment efforts, appears to be much more complex, much more dangerous and much more sophisticated than Stuxnet.


Flame was designed to penetrate networks undetected, and steal data, including actively spying  on users by taking over their microphones, logging keystrokes and hijacking video cameras.  Kaspersky Labs, a Russian antivirus vendor, reports that this is ‘twenty times more complicated’ that the earlier virus that struck Iran.


At first glance, it may be easy for US centric interests and small business owners to pass this off as a ‘win for the good guys’ and move on. But, if as theorized, these are calculated attacks from Israel and/or the US, what does that mean for our future?  If the next ‘war’ is fought on our PCs and networks, small business owners may have the worst to fear.  Long past are the days where viruses were mischievous more than harmful, filling our mailboxes with ‘I Love You’s and deleting data.  Terrorists, espionage organizations, and cyber-criminals are already launching targeted attacks on business and government websites.  Unless you are actively defending your corporate network with a good firewall, an active and monitored AV program, and an aggressive patch strategy, you may easily end up being caught in the cyber war crossfire of these targeted attacks.  These areas are often ignored by small businesses as risks that they don’t need to be concerned with.  Too often, we have heard business owners exclaim that they had nothing that anyone would want.  We have to tell them that we beg to differ.


First of all, your server is valuable in itself.  Let’s assume that you keep no personal data, no credit card numbers and no technological secrets on your system’s hard drives.  Sometimes, it is enough to simply hijack your computers to attack other entities.  No one wants the FBI raiding their offices with a search warrant and walking out with your server & network gear.  Unlikely?  Maybe.  Death to your business?  Most likely.


Second, you may not store personal data, but your employees might.  Banking online at work, shopping through Amazon or eBay at lunch. What is your liability if your employees personal data is stolen?


As nation states and their enemies take to cyberspace to fight the war, don’t leave your systems undefended.  Contact your Impact! Technologies representative today and ask “am I protected”?  There is no system that is 100% safe, but we can help ensure that you have taken all reasonable efforts and understand the risks so you can make an informed business decision as to the level of security your business should implement.