The U.S. aerospace industry is being attacked with zero-day exploits of Adobe Flash.

How did the attackers install the malware on victims’ systems?  The attackers used targeted spearphishing emails.  In this case, the attackers sent an email with an attachment that was the schedule for an upcoming industry conference.  There was no reason for an aerospace engineer to doubt the validity of an email about an upcoming industry conference.  When the victim opened this attachment, the malware was installed.  This is the evil attachment:

Of course, because the attachment looks completely benign, the victim has no idea what has happened.

You can read more about this attack at AlienVault and FireEye.

Now that the attack has been discovered, a patch has been released. This attack reiterates the cycle of attack, discovery, and remediation, which Websense has termed the “sacrificial lamb” model — “where some user, somewhere, must become the first victim.”  At Iconix, we don’t subscribe to the sacrificial lamb model.  We believe that prevention is an important layer in the multi-layer defensive strategy.  SP Guard from Iconix provides the ability to distinguish real email from spearphishing attacks. You can contact us at 408-727-6342, ext. 3 or use our online form.