Businesses need to focus on upgrading their defences against the Equation malware, rather than worry about whether the NSA is its author, according to experts within the security community.
Kaspersky Lab's Global Research and Analysis Team (Great) went public about the Equation campaign during the firm's Security Analyst Summit (SAS) on Tuesday.
The campaign is believed to have infected thousands, if not tens of thousands, of systems using a next-generation portfolio of "implants", i.e. Trojans, some of which could infect hard drives' operating systems with malware.
Speculation quickly spread that the Equation group may have ties to the NSA as elements of it shared code with the Flame and Stuxnet malware and certain attack tools detailed in files leaked by whistleblower Edward Snowden.
The theory gained ground when an NSA spokesperson declined to outright deny any involvement, telling V3: "We are aware of the recently released report. We are not going to comment publicly on any allegations that the report raises, or discuss any details."
Experts within the security community have since come forward arguing Equation's alleged links to the NSA are distracting businesses from more pressing issues.
Chief security strategist at FireEye Jason Steer told V3 that while the attack has the hallmarks of a state-sponsored threat, its complexity makes attribution close to impossible.
"FireEye had detection for this threat since November of last year and FOX IT and others have also announced the discovery of this group. The creators of this attack are clearly well funded and motivated, which would hint at the prospect of them targeting very important people," he said.
"[But] attribution is always very hard to do; leaving false clues to confuse investigators and researchers makes it very hard to know with 100 percent confidence who is really behind it."
Proofpoint vice president of advanced security and governance, Kevin Epstein agreed, pointing out there are many criminal groups with the resources to mount a campaign like Equation.
"While it's almost preferable to want to attribute such sophistication in malware to a nation state with some accountability, legal constraints, and potentially benevolent surveillance and protection purposes, many organised crime organisations also have extremely sophisticated capabilities," he said.
Epstein added the desire to attribute Equation to the NSA is likely wishful thinking on UK businesses' part.
"Software designed for covert monitoring or exfiltration of data may or may not have an overall negative impact on industry, depending on the legal standing of the entities using it," he said.
"For example, if such surveillance enables detection of other, malicious actors. It's likely software installed by organised crime would be less preferable than that used by actors bound by some rule of law, such as one's own government."
Malware expert at Tenable Network Security Ken Bechtel echoed Epstein's sentiment, arguing the focus on attribution is distracting businesses from the real lessons they should learn from Equation.
"The reality is that it is not possible to know with any degree of certainty who was behind these attacks. However, the old adage still holds true: if a bad guy can persuade you to run his program on your computer, it's not your computer anymore," he said.
"Whether or not this malware represents a threat to you, your organisation, or your country, is probably a distracting question.
"There will always be new and novel malware. More important is the process of working out which threat actors are your primary concerns, and putting together a coherent strategy to deal with those."
Resetting the telemetry circuits and associated boards brought the instrument back to operations mode
Fortnite news and updates: Flaw in Fortnite authentication could have helped attackers steal player login credentials
Attackers could have used Fortnite security flaw to buy in-game currency on players' stored credit cards
New photos show cotton seeds sprouting in sealed container - with other plants expected to sprout within days
Sudden increases in availability of sniper rifles on Vikendi