Malware Being Secreted into Portable Documents

It is becoming increasingly challenging for companies to stay one step ahead of cyber-criminals. A book on “Vulnerability Management for Dummies” isn’t likely to be very helpful. Given the level of sophistication of the constant attacks plaguing large companies and individuals, you would need a Master’s degree in computer programming at minimum.

Cyber-criminals have now devised malware designed to infiltrate portable documents, commonly known as PDFs. Generally, antivirus software is intended to intercept malware.

Defense analysts cited in online commentaries said the PDF attacks were aimed at corporate and government institutions and were part of sophisticated schemes aimed at stealing information from systems otherwise thought to be secure and protected by firewalls.

Several corporate sources confirmed defense organizations were targeted in the attacks. The attackers appear to be well funded, and the attacks could come from an unknown country or corporate entity, making it more difficult to track the offenders.

News of the latest cyber-threat coming through PDF files followed warnings from computer software company Symantec and comments from defense manufacturer Lockheed Martin, along with software provider Adobe, which acknowledged the risks.

Symantec said cyber-criminals are trying to take advantage of the alleged weakness in Adobe’s PDF reading and editing software with the malware family called Sykipot.

The attacks are very sophisticated in that they aim the malicious code at so-called zero-day vulnerabilities, flaws that as yet haven’t been reported by security experts or software makers, keeping the attackers, as I said, one step ahead. In addition, the attackers also hit PDF as a common business application, hoping that many users wouldn’t have kept up with the latest security patches. Many users are not diligent in updating their software.

Before the risks to PDF files came to light, computer users worldwide were made aware of risks in opening attachments of texts or graphics written in Microsoft Word, Excel and other word and image applications.

In early December, Symantec reported a high volume of e-mail carrying Sykipot malware aimed at Acrobat Reader and Acrobat editing software. The majority of messages were sent to high-ranking executives who could have sensitive or strategic information on their computer networks.

These hackers are quite efficient in that they were initially able to send commands to targeted computers to grab system and network information and determine whether a computer system was worth hacking into. The attackers were also able to customize commands to extract the information.

Adobe was apparently alerted to the risk by Lockheed Martin and the Defense Security Information Exchange, a group of major defense contractors that share information about computer attacks.

DSIE includes companies that are part of the so-called “Defense Industrial Base,” some of the largest U.S. defense contractors, including Boeing, General Dynamics, Lockheed Martin, Northrop Grumman, Pratt and Whitney and Raytheon, Computerworld said.

Symantec published an image of a redacted email used as the attack’s bait. It was a sample of the pitches meant to trick recipients into opening the attached PDF document. The bait: the promise of a 2012 guide to policies on new contract awards.

The Sykipot malware encrypts the pilfered data after it has been retrieved from the victimized firm, but while it is still stored on the company’s network, as well as when it’s transmitted to a hacker-controlled server.

Read the story at UPI.
