Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/3/2008
07:24 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

The Steady Rise Of Targeted Trojan Attacks

Look before you click may be a good idea for a new IT security public awareness campaign. Consider the reports coming out of South Korea that North Korean spyware made it's way onto the computer of a S. Korean army Colonel. There's no reason why this can't happen to you.

Look before you click may be a good idea for a new IT security public awareness campaign. Consider the reports coming out of South Korea that North Korean spyware made it's way onto the computer of a S. Korean army Colonel. There's no reason why this can't happen to you.Here's the news from The Chosun IIbo:

A North Korean spyware e-mail was reportedly transmitted to the computer of a colonel at a field army command via China in early August. The e-mail contained a typical program designed automatically to steal stored files if the recipient opens it. It has not been confirmed whether military secrets were leaked as a result of the hacking attempt, but their scale could be devastating given that the recipient is in charge of the South Korean military's central nervous system -- Command, Control, Communication, Computer & Information (C4I).

Now, imagine if that happened to your company, only it's not military secrets, but corporate secrets, preannounced earnings reports, or the financial information of customers. It could happen, and it only requires a single employee clicking the wrong link, or inserting the wrong USB drive.

These types of attacks aren't anything new. In mid-2005, the U.K.'s Centre for the Protection of National Infrastructure (CPNI) warned that Trojan-horse attacks were targeting certain U.K. companies and government agencies.

This is from a SecurityFocus news story at the time:

This week, security company Symantec sorted through low-volume e-mail threats submitted to its response team for analysis and found several that had targeted U.S. government agencies or had been submitted to Symantec from government sources in the United States. (Symantec is the parent company of SecurityFocus.)

"This appears to be a very specific virus writer targeting government agencies and, not as (other articles) suggested, targeting only U.K. government agencies," said Dave Cowings, senior business intelligence manager for Symantec.

More recently, InformationWeek covered a warning from the SANS Internet Storm Center explaining that executives were being targeted with phishing e-mails that used fake subpoenas as bait. Click on the link and you're sent to a Web site crafted to push a Trojan to the system of the victim:

The SANS Internet Storm Center on Monday warned that CEOs of some companies are being targeted with a phishing attack involving fake federal subpoenas sent via e-mail.

"We've gotten a few reports that some CEOs have received what purports to be a federal subpoena via e-mail ordering their testimony in a case," said John Bambenek, a security researcher at the University of Illinois at Urbana-Champaign and Internet Storm Center handler, in an online post. "It then asks them to click a link and download the case history and associated information. One problem: It's totally bogus."

These types of targeted attacks are, when it comes to security, the new black. Gone, for the most part, are the days of high-impact worms. It's about getting a foothold into your organization, and that can be done via a phishing attack, or from a bogus e-mail that looks to come from someone you know, to a fake profile on a social networking or microblogging site designed to do nothing more than infiltrate a targeted company, agency, or person of interest.

One of the best defenses against these types of attacks isn't anti-malware, content filtering, or IDS -- it's a workforce made aware of the dangers.

How do you fight targeted attacks aimed at your company? Let me know. And consider following my security (and other) observations throughout the day on Twitter.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.