Ongoing Attacks Target Defense, Aerospace Industries
Gunkerty Jeb writes "Researchers have identified a strain of malware that's being used in a string of targeted attacks against defense contractors, government agencies and other organizations by leveraging exploits against zero-day vulnerabilities. The attacks may have been going on since 2009 in some form and the emails containing the malicious attachments are specifically targeted at executives and officials in various industries using fake conference invitations. The attack campaign, as many do, appears to be changing frequently, as the attackers use different binaries and change up their patterns for connecting to remote command-and-control servers. The research, done by Seculert and Zscaler, shows that the attackers are patient, taking the time to dig up some information about their potential targets, and are carefully choosing organizations that have high-value intellectual property and assets (PDF)."
My machine is fine. (Score:2)
I'm a military contractor so I'm getting a
Cyber-Defense (Score:1)
Re: (Score:3, Funny)
Looks like we need to step it up a cyber-notch.
FTFY
Re: (Score:1)
Looks like we need to step it up a cyber-notch. * puts on sunglasses *
FTFY
FTFY
Re:Cyber-Defense (Score:4, Funny)
Looks like we need to step it up a bit.
FTFY
FTFFY
Re: (Score:1)
Hmm, I should have applied the * puts on sunglasses * to this one.
Re: (Score:1)
Looks like we need to step it up a bit.
FTFY
FTFTFY
FTFTFFYFY
Re: (Score:2)
Looks like we need to step it up a bit.
FTFY
FTFFY
FTFOAFFY (Fixed That Fix Of A Fix For You), and I win the pedantic war! Balloons for everyone!
Re: (Score:1)
Well, it's called "Defense" (Score:4, Interesting)
So, let's see it defend.
Re: (Score:1)
Re: (Score:2)
It takes 6 hours to receive an email through the firewall and filter, but at least there is no spam.
I wonder... (Score:4, Interesting)
Re: (Score:1)
China runs the pirated infected Windows machines to mask the source of the Russian hackers.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
they'll find a zero day for whatever OS the target is using and then hit it.
... and this one was on Windows. Did I mention Linux anywhere in my post??? Is it the first item on the script you Windows fanbois are given for replies to posts like mine? I'll have to give Microsoft credit; they've always been good at astroturfing, even on Usenet back in the '90s.
Yet, there is no cold war (Score:2, Interesting)
I'd feel bad but... (Score:5, Insightful)
they reap what they sow.
You want to make the most profit you can, so you undercut. You leave things out, like good security. You make bad choices, all in the name of profit.
Well, you can't skimp on computer security, can you?
Re:I'd feel bad but... (Score:5, Insightful)
Problem is, these attacks don't primarily rely on bad security for their point of entry, but on fooling users. You can have the most secure network in the world, but if a user clicks a malicious link that uses the latest zero-day exploit on some Adobe product, it doesn't matter. These aren't people finding holes in firewalls or ill-conceived or executed security plans; they're targeting pretty well-constructed, legit-looking attacks at specific individuals. You or I might be able to discern a malicious e-mail, even if it's really well put together, and something like 90% of other educated users can too, but if they get one or two people to click out of a few hundred, that's all it takes sometimes.
Re: (Score:1, Funny)
"You get a mail from the outside that says to send some blueprints to an email address"
I don't think you understand what is going on here. Please come back later.
It's nothing like that
Re: (Score:2)
Yes, it is more like the defense contractors requesting you change the extension of the zip file so it can pass through the firewall...
Re: (Score:3)
Problem is, these attacks don't primarily rely on bad security for their point of entry, but on fooling users. You can have the most secure network in the world, but if a user clicks a malicious link that uses the latest zero-day exploit on some Adobe product, it doesn't matter. ....
The thing is, often there's no need for any Adobe product at all. It's nice to have all the bells and whistles, but you can conduct business with plain ASCII text emails, and other simpler, more secure systems. You can also use physical firewalls to prevent data from moving from/to the Internet.
Re: (Score:3)
Re: (Score:2)
Tried it, but hackers sent ^G until I had to switch back to Sanskrit. (j/k!)
That's part of "defense". (Score:2)
If there is a weakness, plan to reduce / remove / detect-&-mitigate it.
Right now I agree with the GP. They're saving money by farming the responsibility out to the vendor of whatever product they purchase / lease.
Re: (Score:2)
Problem is, these attacks don't primarily rely on bad security for their point of entry, but on fooling users.
Incorrect. Given that users will consistently do things that threaten security, giving them access to potential sources of malware is the very definition of "bad security". If those users' systems are "high value", or those users' systems are attached to a network connected to "high value" systems, giving those users access to the wild Internet is stupid.
Re: (Score:2, Informative)
True. We need to do more to limit the opportunity for users to open the doors.
Start with attachments. PDF files should be intercepted and extracted by the mail server, and reprinted to a new PDF file through a PDF engine that is enhanced to strip things like external links, javascript, etc., then replaced with a link so the user will pull the message from the internal secure attachment storage.
Archive attachments get expanded, recursively, processed, and re-archived.
All attachments should be checked for
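The post above describes a mail-gateway step that intercepts PDF attachments and strips JavaScript and external links before the user ever sees them. As an added example (not code from the original thread, nor from any product), here is a Python pre-check a gateway could run before deciding whether an attachment can be delivered as-is or must be rewritten or quarantined: it decodes PDF name escapes and inflates FlateDecode streams so obfuscated names are still found, then reports which active-content keys are present. The three sample PDFs are constructed inline for the demonstration, and the function names are assumptions of this example.

```python
import re
import zlib

# PDF name objects that introduce actions, scripting, or external/embedded content
# (PDF 1.7: action dictionaries, additional-actions /AA, embedded file streams).
# A gateway following the post's policy would rewrite or quarantine on any of these.
ACTIVE_CONTENT_NAMES = (
    "/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/URI",
    "/SubmitForm", "/GoToR", "/ImportData", "/EmbeddedFile", "/RichMedia",
)

_NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def _decode_name_escapes(data: bytes) -> bytes:
    """Undo PDF name escapes (e.g. /J#61vaScript -> /JavaScript) so that an
    obfuscated name is not missed by a plain substring check."""
    return _NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def _inflate_streams(data: bytes) -> bytes:
    """Append the decompressed body of every Flate stream to the data, so names
    hidden inside compressed objects are scanned too. Non-Flate streams are skipped."""
    extra = []
    for m in _STREAM.finditer(data):
        try:
            # decompressobj tolerates the trailing newline before 'endstream'
            extra.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue
    return data + b"\n" + b"\n".join(extra)


def find_active_content(pdf: bytes) -> dict:
    """Return {name: count} for every risky name present after normalisation."""
    text = _decode_name_escapes(_inflate_streams(pdf))
    found = {}
    for name in ACTIVE_CONTENT_NAMES:
        # A name ends at a delimiter, so /JS does not match a longer name starting with /JS.
        pattern = re.escape(name.encode()) + rb"(?=[\s/\[\]<>(){}%]|$)"
        count = len(re.findall(pattern, text))
        if count:
            found[name] = count
    return found


def should_quarantine(pdf: bytes) -> bool:
    """Gateway decision: anything with active or external content is held back."""
    return bool(find_active_content(pdf))


# Constructed sample 1: document-open action running JavaScript plus a URI link annotation.
SUSPICIOUS_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [5 0 R] >> endobj
4 0 obj << /S /JavaScript /JS (app.alert('hi')) >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://example.invalid/x) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed sample 2: a plain page tree with no actions at all.
CLEAN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""


def _build_obfuscated_sample() -> bytes:
    """Constructed sample 3: the action dictionary uses a hex-escaped name and is
    hidden inside a Flate-compressed stream, so a naive grep would miss it."""
    hidden = zlib.compress(b"<< /S /J#61vaScript /JS (this.exportDataObject()) >>")
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
            b"4 0 obj << /Length " + str(len(hidden)).encode() + b" /Filter /FlateDecode >>\n"
            b"stream\n" + hidden + b"\nendstream\nendobj\n"
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


OBFUSCATED_PDF = _build_obfuscated_sample()

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_PDF), ("suspicious", SUSPICIOUS_PDF), ("obfuscated", OBFUSCATED_PDF)):
        print(label, "quarantine" if should_quarantine(sample) else "deliver", find_active_content(sample))
```

This is only the detection half of the post's pipeline: on a hit, the gateway would hand the file to a real PDF engine to reprint it without the flagged objects, or hold it for review, rather than trying to edit object dictionaries in place. Scanning the inflated streams and decoding `#xx` name escapes is what keeps the check from being trivially bypassed by compression or name obfuscation.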
Re: (Score:2)
Executives and active content should be stripped.
Yeah, I know you're an AC and likely won't see it, but: love the typo. :)
Re: (Score:1)
That's why you don't put your important info on computers that can be accessed over the Internet or access the Internet; you leave them on a secured LAN with no outside access. This also gives the opportunity to charge any person stealing military secrets with espionage and use the death penalty, quite an effective block to this silliness.
Re: (Score:2)
Well that's the fucked up thing.
I'm a military contractor. While I'm waiting for a file to download, I'm posting on /. My other monitor has a spec on it right now.
Nothing I work on with this computer is Classified, FULL STOP. 99% of the documents aren't classified anyway. There's no point and it just makes it harder to work with them.
If for some reason I want to look at a Classified document, I have to do this:
1. Request the document.
2. Get that document request approved and sent to me via a CD with the
Re: (Score:1)
Which is exactly how it should be done.
Why should it be convenient for anyone? I wager 5 quatloos that convenience means little to nothing compared to information security.
Re: (Score:2)
Problem is, these attacks don't primarily rely on bad security for their point of entry, but on fooling users.
Of course any enterprise level security plan should include user awareness training. The idea that security only applies to machines is not correct, even when it comes to IT.
Re: (Score:2)
Re:I'd feel bad but... (Score:5, Insightful)
When you're doing a targeted attack with an 0day in something like an MS Office product it's pretty simple to get into the network. For example:
I send a resume to them that's not really a resume it's an 0day in word or adobe. This will get me into HR.
From HR I then send a list of xyz from a valid and known HR email address that would be of interest to some other manager in another department. I now have an in HR and the other department. I set up filters on the HR lady's computer so she/he won't see any replies to that email. I then send a "sorry, I didn't mean to send that yet" follow-up to any replies, thus terminating the conversation about said spreadsheet, PDF, or whatever.
Repeat until you have everything you want. Once you have the systems you want just sit there and monitor everything and you'll have all the designs, source, etc.
I know it might sound far-fetched, but I saw something very similar happen at a maker of guitar pedals. They hacked the email server and then did the above and got repo access to the firmware source code and were gone before anyone knew what happened. As far as I know they never figured out who did it, but it was suggested that it was a foreign company.
Re: (Score:2)
This. Plus, it becomes even easier with companies scattered all over the globe because you can't check on particular items that look odd. At least not easily or without the impediment of time zones.
attackers carefully select... (Score:1)
...the latest recipient of their "Clicky here purleese," email with the recruitment.xls attachment.
I think I've seen these. (Score:5, Interesting)
I work for a military-tech company of sorts, and I'm pretty sure I've seen malicious emails like this... sounds pretty familiar with the bogus conference invites. Fortunately, the company seems to have competent IT, and most non-software people have pretty locked-down machines. Also, if you actually click a link in a malicious email, our internal DNS redirects to a page that essentially calls you an idiot for clicking that link, and warns you to be suspicious of certain emails or else IT will come give you a stern talking to.
Executable attachments simply don't get through, as is common with corporate email. There are better ways to send things anyway.
Certainly some emails would get through the cracks, but whatever my IT department does to make this work seems pretty effective.
targeted at bosses / higher-ups / the type of people (Score:2)
targeted at bosses / higher-ups / the type of people who don't want IT in their way, and they are the type of people who don't want to be locked down, mainly as they have no idea why they need to be locked down like that.
Re: (Score:2)
We are seeing Darwin at work, in an unexpected fashion.
The more idiot bosses/execs that get nailed doing this, the less (theoretically) there will be when all is said and done.
Let's just have some patience, and for now enjoy the show.
Re: (Score:2)
The more idiot bosses/execs that get nailed doing this, the less (theoretically) there will be when all is said and done.
Except, considering the attitudes of pretty much everyone in middle-to-upper management, they will just throw the nearest IT person to the wolves and absolve themselves of any responsibility for their actions.
Been to that rodeo, rode that bronco, got the t-shirt.
Re: (Score:2)
Great in theory, but that's not quite how the universe works.
Make an idiot-proof mousetrap and the universe evolves a smarter better class of idiot.
Re: (Score:2)
The reality is companies should start running networks in parallel. There is no reason that the network that handles email and web browsing should in any way be connected to the internal network. Any data transferred from one network to the other should only be done manually at the computer admin desk, after the data has been scanned and confirmed suitable to leave or be added. It is the simplest way to secure the system and the most reliable. Whilst it might cost a bit more, just one security failure cou
Re: (Score:2)
More "cyber" law enforcement is. . . (Score:1, Insightful)
. . . going to occur. Meaning, because of crap like this, there will be a greater push for law enforcement types to be on the internet. This does not strike me as a good thing at all. I can see government security freaks pushing against privacy, required internet IDs, and laws against computers and people holding "viruses and other malicious code." As in all other areas, once you give an inch to government control, they will take feet.
Re: (Score:1)
required internet IDs
That will be something new to socially engineer out of people.
If you can't win with advanced weapons... (Score:2)
Re: (Score:1)
I'm a big fan of the atlatl.
A day in the life of a defense executive... (Score:5, Funny)
Hmmm.... I don't remember having a conference call with a Nigerian prince. Maybe he wants to buy a lot of defense equipment. Awesome!
old school (Score:1)
Re: (Score:1)
Re: (Score:2)
All it takes is the right email. Since this isn't a mass attempt at phishing, it'll take some research.
First, find out a subcontractor (not hard to do if you read press releases), and a project they're working on.
Then, you find out someone who would have something
executives and officials (Score:2)
Why do such places allow their users to see anything but plain text from outside sources? Since they are vulnerable to these exploits, one has to assume they have an MS infrastructure. Set the Outlook group policy to disable preview and display only the plain text portion of a message.
Re: (Score:2)
Time to change the combination on your luggage, eh?
and your login password...
With virtual machines, why is this a problem? (Score:2)
Why isn't all high-value email being run with an Outlook client in a locked virtual machine? Say centralized, with a VNC connection and all the anti-malware scrubbing everything and resetting its configuration?
Re: (Score:2, Troll)
Re: (Score:2)
Well known (Score:2)
This is their report from last year on what kind of defense contractors are being targeted and why. (PDF Warning 2011-unclassified-trends [dss.mil].) Social engineering has generally always been the weakest link in a good secure system, but can still be deterred with strict security policies. It's not really a matter of if you'll get infected, but a matter of when. I've heard of incidents
Here is what I would consider the major problem... (Score:2)
Re: (Score:2)
The Gov't and a lot of corporations run their networks like a home network. Flash, sure you can have that because you might want on YouTube and that is a good use of taxpayer funds. Acrobat, yah here you go, never mind there are PDF viewers out there that are more secure. Whitelists and blacklists, nah, our users can sit around and watch porn all day, that is an even better use of taxpayer funds. Word docs and spreadsheets, yah you can send and receive those without worrying. We only scan your email for anything you say regarding our CEO of the company or President of the US, but send and receive those viruses all day long as we have not figured out good perimeter security. Speaking of perimeter security, just email everything you want back and forth that is secure right, or download it to your laptop if you work for the VA.
Well, I don't know which Gov't agencies you've dealt with, but this is not how it works at military installations. You can have Acrobat and Flash, but you don't get anywhere on the Internet that can do real damage save for Facebook and YouTube. You most certainly won't get to any porn sites. The web is heavily filtered at the AF base I work at.
The open-source malware (Score:1)
Who cares. (Score:2)
Has that industry been utilized for ANYthing other than perpetuating distant wars for the profit of a few corporations at great public expense?
Which expense then came out of stuff that reflects directly on people's well-being, and the general stability of the society in general, like social security or healthcare?
Why should people give a fuck? Let corporations defend themselves with the money they sucked away from public funds behind the pretense of defense.
PDF (Score:1)
Read the full report in this PDF...