Ongoing Attacks Target Defense, Aerospace Industries 77
Gunkerty Jeb writes "Researchers have identified a strain of malware that's being used in a string of targeted attacks against defense contractors, government agencies and other organizations by leveraging exploits against zero-day vulnerabilities. The attacks may have been going on since 2009 in some form and the emails containing the malicious attachments are specifically targeted at executives and officials in various industries using fake conference invitations. The attack campaign, as many do, appears to be changing frequently, as the attackers use different binaries and change up their patterns for connecting to remote command-and-control servers. The research, done by Seculert and Zscaler, shows that the attackers are patient, taking the time to dig up some information about their potential targets, and are carefully choosing organizations that have high-value intellectual property and assets (PDF)."
Re:I'd feel bad but... (Score:2, Informative)
True. We need to do more to limit the opportunity for user's to open the doors.
Start with attachments. PDF files should be intercepted and extracted by the mail server, and reprinted to a new PDF file through a PDF engine that is enhanced to strip things like external links, javascript, etc., then replaced with a link so the user will pull the message from the internal secure attachment storage.
Archive attachments get expanded, recursively, processed, and re-archived.
All attachments should be checked for proper extensions. Executives and active content should be stripped.
Also attachments should be retained for 90 days or so, and have new virus sigs run against them, so if some 0-day exploit got through last week, you at least detect it and can take remedial action.