In a further demonstration of the two most important cyber espionage facts:

  1. Infiltration Is Easy
  2. Detection Is Hard,

Kaspersky has uncovered malware it terms “The Mask.” Security Week reports:

Powerful and difficult to detect, Careto intercepts all the communication channels and collects the most vital information from the victim’s system.

Detection is extremely difficult because of its stealth rootkit capabilities, and in addition to built-in functionalities, the attackers can upload additional modules which can perform virtually any function.

So far, attacks have been seen using multiple vectors, including an Adobe Flash Player exploit that targets CVE-2012-0773, a vulnerability patched by Adobe by the end of 2012. According to Kaspersky Lab, the exploit was originally discovered by VUPEN and was used in 2012 to escape the Google Chrome sandbox to win the CanSecWest Pwn2Own contest. . .

As is the case with a majority of APT attacks, The Mask campaign leverages spear-phishing e-mails with links to a malicious website.

“The malicious website contains a number of exploits designed to infect the visitor, depending on system configuration,” Kaspersky explained. “Upon successful infection, the malicious website redirects the user to the benign website referenced in the e-mail, which can be a YouTube movie or a news portal.”

These are sophisticated attacks installed using deceptive emails. It appears that The Mask has been active since 2007.

Spearphishers deceive people into making bad email decisions that compromise security. IT needs to help employees make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at 408-727-6342, ext. 3 or use our online form.