
Ongoing Attacks Target Defense, Aerospace Industries

Posted by Soulskill
from the hackers-want-spaceships-with-lasers dept.
Gunkerty Jeb writes "Researchers have identified a strain of malware that's being used in a string of targeted attacks against defense contractors, government agencies and other organizations by leveraging exploits against zero-day vulnerabilities. The attacks may have been going on since 2009 in some form and the emails containing the malicious attachments are specifically targeted at executives and officials in various industries using fake conference invitations. The attack campaign, as many do, appears to be changing frequently, as the attackers use different binaries and change up their patterns for connecting to remote command-and-control servers. The research, done by Seculert and Zscaler, shows that the attackers are patient, taking the time to dig up some information about their potential targets, and are carefully choosing organizations that have high-value intellectual property and assets (PDF)."

  • by Anonymous Coward on Tuesday January 31, 2012 @05:46PM (#38882439)

    True. We need to do more to limit the opportunity for users to open the doors.

    Start with attachments. PDF files should be intercepted and extracted by the mail server, and reprinted to a new PDF file through a PDF engine that is enhanced to strip things like external links, javascript, etc., then replaced with a link so the user will pull the message from the internal secure attachment storage.

    Archive attachments get expanded, recursively, processed, and re-archived.

    All attachments should be checked for proper extensions. Executables and active content should be stripped.

    Also attachments should be retained for 90 days or so, and have new virus sigs run against them, so if some 0-day exploit got through last week, you at least detect it and can take remedial action.
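
The archive and extension steps described in the comment above, as an added sketch that is not part of the original post: a ZIP attachment is expanded recursively, each member is checked against its claimed extension, executables are stripped, and the rest is re-archived. The limits, the extension lists and the names `verdict` and `sanitize_zip` are assumptions of this sketch; PDF re-rendering and the 90-day rescan are not covered.

```python
import io
import os
import zipfile

# Policy values are assumptions for this sketch, not taken from the comment.
MAX_DEPTH, MAX_MEMBER_BYTES = 3, 10 * 1024 * 1024
BLOCKED_EXT = {".exe", ".scr", ".dll", ".js", ".vbs", ".bat"}
EXEC_MAGIC = (b"MZ", b"\x7fELF")  # PE and ELF headers
EXPECTED_MAGIC = {".pdf": b"%PDF-", ".zip": b"PK\x03\x04"}

def verdict(name, body):
    """Return a reason to strip this member, or None to keep it."""
    ext = os.path.splitext(name)[1].lower()
    if ext in BLOCKED_EXT:
        return "blocked extension"
    if body.startswith(EXEC_MAGIC):
        return "executable content"
    want = EXPECTED_MAGIC.get(ext)
    if want and not body.startswith(want):
        return "extension does not match content"
    return None

def sanitize_zip(data, depth=0, prefix=""):
    """Expand, filter and re-archive a ZIP; returns (clean_bytes, stripped)."""
    if depth > MAX_DEPTH:
        raise ValueError("archive nesting too deep")  # reject the whole attachment
    out, stripped = io.BytesIO(), []
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            path = prefix + info.filename
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:  # guard against decompression bombs
                stripped.append((path, "too large"))
                continue
            body = src.read(info)
            reason = verdict(info.filename, body)
            if reason:
                stripped.append((path, reason))
                continue
            if info.filename.lower().endswith(".zip"):
                # Nested archive: sanitize it and store the cleaned copy.
                body, inner = sanitize_zip(body, depth + 1, path + "!")
                stripped.extend(inner)
            dst.writestr(info.filename, body)
    return out.getvalue(), stripped
```

The `stripped` list gives the mail gateway something to log and quarantine, which is what a later rescan of retained attachments would need.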
