Hadn’t We Figured the Whole Email Attachment Thing Out?


 

F-Secure Labs recently released an analysis of the NanHaiShu Remote Access Trojan, which they believe was used to target “government and private-sector organizations that were directly or indirectly involved in the international territorial dispute centering on the South China Sea.”

So what does it look like when you’re hit with a cyber attack that may involve some of the most powerful nations on earth?

This:

[Image: spearphishing email]

Pretty harmless, right?

But click on that attachment and you’ve invited hackers — possibly even attackers backed by a nation-state — into your network.

An attachment owning fools in 2016? The first piece of internet security advice you ever heard was probably, “Don’t click on attachments you weren’t expecting!” So who’d click on that?! Employees at prestigious international law firms, government agencies and possibly even the world’s most powerful political parties.

So how is this happening?

Maybe it’s a lesson that doesn’t sink in, no matter how many times you’ve heard it. Or maybe cyber criminals have just gotten so good at tricking us with them that, like so many old threats, it’s new again.

Given that this method of infection is being used by attackers at the highest levels of cyber espionage, we have to assume the latter.

Where attackers used to send mass emails out with infected attachments hoping to infect just a small percentage of the recipients, these new attacks utilize “spearphishing” techniques.

“These are communications that appear legitimate — often made to look like they came from a colleague or someone trusted — but that contain links or attachments that when clicked on deploy malicious software that enables a hacker to gain access to a computer,” The Washington Post explained.

These emails are carefully crafted or “socially engineered” to seem relevant. Often, as in the case above, they play on our greatest desires, such as money in the form of salary or bonus information.

One big reason attackers have gotten so much better at targeting us is that so many of us have decided to make details about our lives public via social media. This is why hackers love your LinkedIn profile.

So should you scrub your profile and hide in a time capsule to avoid these attacks?

You should definitely be mindful that strangers know more about you than ever and be wary of strange email that seems overly eager to get you to click on a link or attachment. But these threats are so pervasive and potentially harmful that they need to be addressed at an organizational level.

Our Labs team put together a Threat Intelligence Brief with several recommendations for avoiding RATs like NanHaiShu, including disabling the opening of email file attachments sent from unverified sources as an enforced policy for all installed email programs.

That way, you’re unlikely to be the weak link that attackers are always looking for.
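One way to enforce the "no attachments from unverified sources" recommendation at a mail gateway rather than in each mail client, shown as an added example that is not from F-Secure's brief. It assumes "verified" means an allowlisted From address plus a `dmarc=pass` result stamped by your own gateway; the addresses, function names and sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: an allowlist of verified senders maintained by the organisation.
VERIFIED_SENDERS = {"payroll@corp.example"}

def is_verified(msg, verified=VERIFIED_SENDERS):
    # Assumption: "verified" = allowlisted From address AND dmarc=pass in an
    # Authentication-Results header stamped by our own gateway (inbound copies
    # of that header must be stripped upstream, or it can be forged).
    addr = parseaddr(str(msg.get("From", "")))[1].lower()
    auth = str(msg.get("Authentication-Results", "")).lower()
    return addr in verified and "dmarc=pass" in auth

def enforce_attachment_policy(raw, verified=VERIFIED_SENDERS):
    """Parse raw bytes; drop attachments unless the sender is verified.
    Returns (message, list of removed filenames)."""
    msg = message_from_bytes(raw, policy=policy.default)
    if is_verified(msg, verified):
        return msg, []
    attachments = list(msg.iter_attachments())
    drop = {id(p) for p in attachments}
    if attachments:
        # Keep only the body parts; the attachment parts are discarded.
        msg.set_payload([p for p in msg.get_payload() if id(p) not in drop])
    return msg, [p.get_filename() or "(unnamed)" for p in attachments]

def sample(sender, auth_result):
    # Constructed test message, not the email from the F-Secure analysis.
    m = EmailMessage()
    m["From"] = sender
    m["Subject"] = "Bonus information"
    m["Authentication-Results"] = auth_result
    m.set_content("Please see the attached file.")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename="bonus.xls")
    return m.as_bytes()

if __name__ == "__main__":
    # A trusted-looking From address that fails DMARC is treated as unverified.
    spoofed = sample("Payroll <payroll@corp.example>", "mx.corp.example; dmarc=fail")
    _, removed = enforce_attachment_policy(spoofed)
    print("removed:", removed)
```

The spoofed-colleague case is the one that matters here: a familiar display name and address do not count as verification unless the authentication result also passes.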

 
