Ongoing Attacks Target Defense, Aerospace Industries
Gunkerty Jeb writes "Researchers have identified a strain of malware that's being used in a string of targeted attacks against defense contractors, government agencies and other organizations by leveraging exploits against zero-day vulnerabilities. The attacks may have been going on since 2009 in some form and the emails containing the malicious attachments are specifically targeted at executives and officials in various industries using fake conference invitations. The attack campaign, as many do, appears to be changing frequently, as the attackers use different binaries and change up their patterns for connecting to remote command-and-control servers. The research, done by Seculert and Zscaler, shows that the attackers are patient, taking the time to dig up some information about their potential targets, and are carefully choosing organizations that have high-value intellectual property and assets (PDF)."
Well, it's called "Defense" (Score:4, Interesting)
So, let's see it defend.
I wonder... (Score:4, Interesting)
Yet, there is no cold war (Score:2, Interesting)
I think I've seen these. (Score:5, Interesting)
I work for a military-tech company of sorts, and I'm pretty sure I've seen malicious emails like this... sounds pretty familiar with the bogus conference invites. Fortunately, the company seems to have competent IT, and most non-software people have pretty locked-down machines. Also, if you actually click a link in a malicious email, our internal DNS redirects to a page that essentially calls you an idiot for clicking that link, and warns you to be suspicious of certain emails or else IT will come give you a stern talking to.
Executable attachments simply don't get through, as is common with corporate email. There are better ways to send things anyway.
Certainly some emails would get through the cracks, but whatever my IT department does to make this work seems pretty effective.