On November 6, 2013, we wrote about McAfee’s discovery of a new Zero Day Exploit (ZDE) in Microsoft Office.

Symantec is now reporting that although the good guys discovered this ZDE on October 31, 2013, the bad guys have been using it since May of 2013.  Symantec observes:

After analyzing the payloads being used in this attack, we have identified that the targeted emails are part of an attack campaign known as Operation Hangover, which we covered back in May 2013 in the blog post: Operation Hangover: Q&A on Attacks. At that time, the group behind these attacks was known to have used multiple vulnerabilities, but was not known to have used any zero-day flaws in the attacks. As predicted in our previous blog post, the exposure of Operation Hangover would not adversely affect the activities of the group orchestrating the campaign, which can be clearly seen now with these latest activities involving the zero-day vulnerability.  (emphasis added)

The unfortunate reality of Advanced Persistent Threats (APT) is that, as Dr. Frederick Chang, former NSA Director of Research, observed:

… cybersecurity is fundamentally about an adversarial engagement. Humans must defend machines that are attacked by other humans using machines.

The attackers find a vulnerability and exploit it.  The defenders discover the exploit and defend against it.  Then the attackers find a new vulnerability and the process repeats.

Look at the APT kill chain:

[Image: APT kill chain diagram]

Iconix operates at step 3 – the point at which attackers use social engineering to guide people into bad decisions.  IT can mitigate this vulnerability by helping employees make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at 408-727-6342, ext. 3, or use our online form.