Slashdot Mirror


Ongoing Attacks Target Defense, Aerospace Industries

Gunkerty Jeb writes "Researchers have identified a strain of malware that's being used in a string of targeted attacks against defense contractors, government agencies and other organizations by leveraging exploits against zero-day vulnerabilities. The attacks may have been going on since 2009 in some form and the emails containing the malicious attachments are specifically targeted at executives and officials in various industries using fake conference invitations. The attack campaign, as many do, appears to be changing frequently, as the attackers use different binaries and change up their patterns for connecting to remote command-and-control servers. The research, done by Seculert and Zscaler, shows that the attackers are patient, taking the time to dig up some information about their potential targets, and are carefully choosing organizations that have high-value intellectual property and assets (PDF)."

14 of 77 comments

  1. Well, it's called "Defense" by Shag · Score: 4, Interesting

    So, let's see it defend.

    --
    Village idiot in some extremely smart villages.
  2. I wonder... by AngryDeuce · Score: 3, Interesting

    China? Wouldn't be surprised...

  3. Yet, there is no cold war by Anonymous Coward · Score: 2, Interesting

    Or so some proclaim. I have to laugh all the times that I see people posting that there is no cold war by China against the West. China is NOT interested in what is best for their citizens. China is not even interested in grabbing Taiwan and simply calling it quits. They are interested in what will put their communist leadership in effective control. Sadly, most Republicans and a number of Dems are working hand in hand with the communists and handing it over to them.

  4. Re:Cyber-Defense by eternaldoctorwho · Score: 3, Funny

    Looks like we need to step it up a cyber-notch.

    FTFY

  5. I'd feel bad but... by Nyder · Score: 4, Insightful

    they reap what they sow.

    You want to make the most profit you can, so you undercut. You leave things out, like good security. You make bad choices, all in the name of profit.

    Well, you can't skimp on computer security, can you?

    --
    Be seeing you...
    1. Re:I'd feel bad but... by bkaul01 · Score: 4, Insightful

      Problem is, these attacks don't primarily rely on bad security for their point of entry, but on fooling users. You can have the most secure network in the world, but if a user clicks a malicious link that uses the latest zero-day exploit on some Adobe product, it doesn't matter. These aren't people finding holes in firewalls or ill-conceived or executed security plans; they're targeting pretty well-constructed, legit-looking attacks at specific individuals. You or I might be able to discern a malicious e-mail, even if it's really well put together, and something like 90% of other educated users can too, but if they get one or two people to click out of a few hundred, that's all it takes sometimes.

    2. Re:I'd feel bad but... by Maximum+Prophet · Score: 2

      Problem is, these attacks don't primarily rely on bad security for their point of entry, but on fooling users. You can have the most secure network in the world, but if a user clicks a malicious link that uses the latest zero-day exploit on some Adobe product, it doesn't matter. ....

      The thing is, often there's no need for any Adobe product at all. It's nice to have all the bells and whistles, but you can conduct business with plain ASCII text emails, and other simpler, more secure systems. You can also use physical firewalls to prevent data from moving from/to the Internet.

      --
      All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
    3. Re:I'd feel bad but... by wmbetts · Score: 4, Insightful

      When you're doing a targeted attack with an 0day in something like an MS Office product it's pretty simple to get into the network. For example:

      I send a resume to them that's not really a resume; it's an 0day in Word or Adobe. This will get me into HR.
      From HR I then send a list of xyz from a valid and known HR email address that would be of interest to some other manager in another department. I now have an in in HR and the other department. I set up filters on the HR lady's computer so she/he won't see any replies to that email. I then send a "sorry, I didn't mean to send that yet" follow-up to any replies, thus terminating the conversation about said spreadsheet, PDF, or whatever.

      Repeat until you have everything you want. Once you have the systems you want, just sit there and monitor everything and you'll have all the designs, source, etc.

      I know it might sound far-fetched, but I saw something very similar happen at a maker of guitar pedals. They hacked the email server and then did the above and got repo access to the firmware source code and were gone before anyone knew what happened. As far as I know they never figured out who did it, but it was suggested that it was a foreign company.

      --
      "Ubuntu" -- an African word, meaning "Slackware is too hard for me". - stolen from Dan C alt.os.linux.slackware
    4. Re:I'd feel bad but... by Anonymous Coward · Score: 2, Informative

      True. We need to do more to limit the opportunity for users to open the doors.

      Start with attachments. PDF files should be intercepted and extracted by the mail server, and reprinted to a new PDF file through a PDF engine that is enhanced to strip things like external links, javascript, etc., then replaced with a link so the user will pull the message from the internal secure attachment storage.

      Archive attachments get expanded, recursively, processed, and re-archived.

      All attachments should be checked for proper extensions. Executables and active content should be stripped.

      Also attachments should be retained for 90 days or so, and have new virus sigs run against them, so if some 0-day exploit got through last week, you at least detect it and can take remedial action.
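
The attachment pipeline this comment sketches (intercept at the mail server, recursively expand archives, check extensions against content, strip executables and active content, route PDFs to a sanitising engine, and hold everything for a 90-day re-scan window) as an added example; this is not code from the thread, from Slashdot, or from Seculert or Zscaler. The policy tables, the sample attachments, the received date and every name in it are constructed for the example. It decides verdicts only; the PDF rewriting engine the commenter describes is a separate component that would receive the "sanitize" verdict, and the marker scan that produces that verdict is a coarse heuristic (it will not see markers inside compressed object streams), so it is a routing hint, not a final judgement.

```python
import hashlib
import io
import zipfile
from datetime import datetime, timedelta

# Policy tables, constructed for this example; tune them to your environment.
BLOCKED_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs",
               ".hta", ".msi", ".ps1", ".jar", ".lnk"}
MACRO_EXT = {".docm", ".xlsm", ".pptm"}
OFFICE_EXT = MACRO_EXT | {".docx", ".xlsx", ".pptx"}
PDF_ACTIVE = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch", b"/AA")
MAGIC = {b"MZ": "exe", b"%PDF": "pdf", b"PK\x03\x04": "zip"}
RETENTION = timedelta(days=90)   # retention window from the comment above
MAX_DEPTH = 4                    # cap on nested-archive recursion

def file_ext(name):
    base = name.rsplit("/", 1)[-1].lower()
    return base[base.rfind("."):] if "." in base else ""

def sniff_kind(data):
    # Cheap content sniff so a renamed file is judged by its bytes, not its name.
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    return "other"

def classify(name, data, depth=0):
    """Return [(path, verdict, reason)] for one attachment, recursing into zips.
    Verdicts: 'allow', 'block', or 'sanitize' (hand off to a PDF rewriting engine)."""
    ext, kind = file_ext(name), sniff_kind(data)
    if depth > MAX_DEPTH:
        return [(name, "block", "archive nested too deeply")]
    if ext in BLOCKED_EXT or kind == "exe":
        return [(name, "block", "executable content")]
    if ext in OFFICE_EXT:
        if kind != "zip":
            return [(name, "block", "Office extension but not an OOXML container")]
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            has_vba = any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
        if ext in MACRO_EXT or has_vba:
            return [(name, "block", "macro-enabled Office document")]
        return [(name, "allow", "Office document without macros")]
    if ext == ".pdf" or kind == "pdf":
        if kind != "pdf":
            return [(name, "block", "extension/content mismatch")]
        if any(marker in data for marker in PDF_ACTIVE):
            return [(name, "sanitize", "PDF carries active-content markers")]
        return [(name, "allow", "plain PDF")]
    if kind == "zip":
        found = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    found.extend(classify(f"{name}/{info.filename}", zf.read(info), depth + 1))
        return found or [(name, "allow", "empty archive")]
    return [(name, "allow", "no policy match")]

def retention_record(name, data, received):
    # Quarantine-store entry; the hash lets later signature passes re-check the file.
    return {"path": name, "sha256": hashlib.sha256(data).hexdigest(),
            "rescan_until": received + RETENTION}

def make_zip(entries):
    """Build an in-memory zip from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry_name, blob in entries.items():
            zf.writestr(entry_name, blob)
    return buf.getvalue()

def sample_attachments():
    """Constructed attachments, one per policy branch; none is real malware."""
    js_pdf = b"%PDF-1.4\n1 0 obj << /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >>\nendobj\n"
    return {
        "agenda.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog >>\nendobj\n%%EOF\n",
        "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 16,   # executable wearing a PDF name
        "minutes.docx": make_zip({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>"}),
        "budget.xlsm": make_zip({"xl/vbaProject.bin": b"\x00"}),
        "materials.zip": make_zip({"readme.txt": b"hello", "inner.zip": make_zip({"setup.exe": b"MZ\x90"})}),
        "conference.zip": make_zip({"invite.pdf": js_pdf}),
    }

def run_policy(attachments, received):
    """Apply the policy to every attachment and queue each one for retention."""
    verdicts, quarantine = [], []
    for name, data in attachments.items():
        verdicts.extend(classify(name, data))
        quarantine.append(retention_record(name, data, received))
    return verdicts, quarantine

def demo():
    return run_policy(sample_attachments(), datetime(2011, 8, 1))  # constructed date

if __name__ == "__main__":
    verdicts, quarantine = demo()
    for path, verdict, reason in verdicts:
        print(f"{verdict:8} {path}: {reason}")
    print(f"{len(quarantine)} attachments held for re-scan until {quarantine[0]['rescan_until'].date()}")
```

Running the script prints one verdict per file, including the files found inside the nested archive, and the date until which the quarantine copies are kept; the `sha256` in each retention record is what a later pass with fresh signatures would look up when a detection finally lands for something that got through the week before.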

    5. Re:I'd feel bad but... by damm0 · Score: 2

      Uh, No. A smooth and engaging first impression can be a critical moment for a product or sales effort. Also, people feel more comfortable when the people they are talking with "look like them". On the Internet, "look like them" really translates into "my emails look like their emails" or "my documents are written in Word, and so are theirs." This application-generated serif is important! So, no, businesses are not going to switch over to emails in plain ASCII because you happen to think it is more secure. Which it isn't, by the way, because you can have plain-ascii emails all you want, but you'll never get rid of attachments, and that's where they'll really nail you. Tell me what kind of work you do, and I'll tell you what kind of attachment you will open every time.

  6. I think I've seen these. by Anonymous Coward · Score: 5, Interesting

    I work for a military-tech company of sorts, and I'm pretty sure I've seen malicious emails like this.. sounds pretty familiar with the bogus conference invites. Fortunately, the company seems to have competent IT, and most non-software people have pretty locked-down machines. Also, if you actually click a link in a malicious email, our internal DNS redirects to a page that essentially calls you an idiot for clicking that link, and warns you to be suspicious of certain emails or else IT will come give you a stern talking-to.

    Executable attachments simply don't get through, as is common with corporate email. There are better ways to send things anyway.

    Certainly some emails would get through the cracks, but whatever my IT department does to make this work seems pretty effective.

  7. A day in the life of a defense executive... by thestudio_bob · Score: 5, Funny

    Hmmm.... I don't remember having a conference call with a Nigerian prince. Maybe he wants to buy a lot of defense equipment. Awesome!

    --
    The real Sig captains the Northwestern. This one captains /.
  8. Here is what I would consider the major problem... by sir+lox+elroy · Score: 2

    The Gov't and a lot of corporations run their networks like a home network. Flash, sure you can have that because you might want on YouTube and that is a good use of taxpayer funds. Acrobat, yah here you go, never mind there are PDF viewers out there that are more secure. Whitelists and blacklists, nah, our users can sit around and watch porn all day, that is an even better use of taxpayer funds. Word docs and spreadsheets, yah you can send and receive those without worrying. We only scan your email for anything you say regarding our CEO of the company or President of the US, but send and receive those viruses all day long as we have not figured out good perimeter security. Speaking of perimeter security, just email everything you want back and forth, that is secure, right, or download it to your laptop if you work for the VA.

    --
    Kosh: "Understanding is a 3 edged sword, your side, their side, the Truth."
  9. Re:Cyber-Defense by TiggertheMad · Score: 3, Funny

    Looks like we need to step it up a bit.

    FTFY

    FTFFY

    --
    HA! I just wasted some of your bandwidth with a frivolous sig!