Monday, 7 September 2015

Vital US Infrastructure Attacked Via Flash Vulnerability


Vital infrastructure in the United States has become the target of an attack in which attempts were made to infect computers with malware via a zero-day vulnerability in Adobe Flash Player, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) of the US government reports.

It was a spear phishing campaign that focused on different sectors, including chemicals, major manufacturing, energy and government facilities. The attackers sent out customized e-mails with links to different websites. Malicious code that abused a zero-day vulnerability in Adobe Flash Player had been inserted on these sites, ICS-CERT says. The vulnerability was patched by Adobe on June 23 and was already being attacked at that time, according to Adobe.

Beginning in 2014, the same group of attackers used social engineering and social media to carry out reconnaissance and to attack company personnel. In one case, the attackers used a social media account and pretended to be a prospective job candidate. They approached the employees of a critical infrastructure environment and asked about the name of the IT manager and what software versions were used.

The attackers asked for feedback on a job application and sent the file "resume.rar" via e-mail. The rar file contained three files, including a malicious version of the open source TTCalc application, which infected the company employee's computer with a backdoor. The attack was quickly discovered and the attackers reportedly had no access to control systems. "Although the motivation of the attackers remains unknown, the use of social media and zero-day exploits shows that they undertake serious efforts to gain access to the networks of critical infrastructure", according to the ICS-CERT (pdf).
