Nextgov is reporting that someone has been conducting a targeted attack against federal agencies and contractors. It appears that the attackers are trying to infiltrate aircraft designers’ computers in order to spy on the U.S. government’s plans for remotely piloted aircraft. Alienvault Labs has studied this attack, dubbed “Sykipot”, and reported on it in detail. Alienvault Labs found:
The modus operandi is simple: they send emails with a malicious attachment or link, sometimes using a zero-day exploit, to key employees of different organizations.
The attack, which has been running since at least September of 2011, uses images such as these as bait to attack the victims.
After installation, the malware takes orders from the attackers’ command and control server. The hacker can extract documents from the victims’ machines or insert phony materials.
Alienvault Labs observes:
It’s true that the piece of malware isn’t too sophisticated, but it is related to at least six zero-day attacks that require skills and/or money. Anyway, we have been seeing that “not too sophisticated malware” works; see Shady RAT, for instance, which targeted organizations ranging from defense contractors to accounting firms.
What can be done to defend against spearphishing? Potential victims can adopt a tool that identifies trusted email, so that the target of a spearphishing attack can distinguish real email from fake email. That tool is SP Guard from Iconix.
SP Guard provides the recipient with three confirmations that a message is real:
- List View. There is an integrity indicator in the list view of the email client.
- Message. The open message has a further indicator of authenticity.
- Mouseover. Mousing over the authentication indicator in the message prompts the display of a certificate that further identifies the sender.
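The indicators above rest on the receiving side being able to decide whether a message's claimed sender is authentic. As an added illustration of that underlying check (example code written for this page, not SP Guard's or Iconix's code, and not a description of how SP Guard works internally), the following Python reads the Authentication-Results header that a receiving mail server stamps on a message and compares the DMARC result against the visible From domain. The three sample messages, the domain example.gov and the trusted authserv-id mx.example.gov are all constructed for the example.

```python
"""Sender-authentication check over parsed e-mail headers (constructed example)."""
import email
import email.utils
import re
from email import policy

# Assumption for this example: the organization's own receiving mail server
# identifies itself as "mx.example.gov" in Authentication-Results headers and
# strips any such header that arrives from the outside. Results stamped by any
# other authserv-id are ignored, because a sender can forge that header too.
TRUSTED_AUTHSERV = "mx.example.gov"

# Constructed sample messages; none of these addresses or hosts are real.
GENUINE = """From: Alice Example <alice@example.gov>
To: bob@example.gov
Subject: Budget review
Authentication-Results: mx.example.gov; spf=pass smtp.mailfrom=example.gov; dkim=pass header.d=example.gov; dmarc=pass header.from=example.gov

Attached is the revised document.
"""

# Display name and From address look identical to the genuine message, but
# the message failed SPF and DMARC at the receiving server.
SPOOFED = """From: Alice Example <alice@example.gov>
To: bob@example.gov
Subject: Urgent: updated drawings
Authentication-Results: mx.example.gov; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.gov

Please open the attached file.
"""

# The sender supplied its own "passing" Authentication-Results header; the
# authserv-id is not our server, so the header carries no weight.
FORGED_HEADER = """From: Alice Example <alice@example.gov>
To: bob@example.gov
Subject: Re: drawings
Authentication-Results: relay.example.net; dmarc=pass header.from=example.gov

See attachment.
"""


def parse_auth_results(value):
    """Split an Authentication-Results value into (authserv-id, {method: result})."""
    parts = [p.strip() for p in value.split(";")]
    authserv = parts[0].split()[0].lower() if parts and parts[0] else ""
    results = {}
    for part in parts[1:]:
        m = re.match(r"(spf|dkim|dmarc)=(\w+)", part, re.IGNORECASE)
        if m:
            results[m.group(1).lower()] = m.group(2).lower()
    return authserv, results


def from_domain(msg):
    """Domain of the visible From address, which is what the recipient sees."""
    addr = email.utils.parseaddr(str(msg["From"]))[1]
    return addr.rpartition("@")[2].lower()


def assess(raw):
    """Return the From domain, the usable auth results and a trust verdict."""
    msg = email.message_from_string(raw, policy=policy.default)
    header = msg.get("Authentication-Results")
    results = {}
    if header is not None:
        authserv, parsed = parse_auth_results(str(header))
        if authserv == TRUSTED_AUTHSERV:
            results = parsed
    # Only a DMARC pass recorded by our own server marks the sender as verified.
    verdict = "trusted" if results.get("dmarc") == "pass" else "unverified"
    return {"from_domain": from_domain(msg), "results": results, "verdict": verdict}


if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("spoofed", SPOOFED), ("forged header", FORGED_HEADER)):
        print(label, assess(raw))
```

The point of the third sample is the caveat a practitioner would raise: a message can carry any Authentication-Results header the sender chooses to write, so the check must trust only results stamped by the organization's own mail server and rely on that server to discard incoming copies of the header.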
SP Guard now offers a fraud filtering enhancement. This additional protection is becoming increasingly important given the latest generation of highly targeted spear-phishing emails which are so well crafted that users cannot tell real from fake.
SP Guard is available now from Iconix. For further information, contact us at 408-727-6342, ext. 3, or use our online form.