Additional text and analysis by Kyle Wilhoit

Throughout 2012, we saw a wide variety of APT campaigns leverage an exploit in Microsoft Word (CVE-2012-0158). This represented a shift, as previously CVE-2010-3333 was the most commonly used Word vulnerability. While we continue to see CVE-2012-0158 in heavy use, we have noticed increasing use of an exploit for…
Nart Villeneuve (Senior Threat Researcher)
Using encrypted communication like Secure Sockets Layer (SSL) along with the clever use of a recent news item as a social engineering lure is the perfect combination to penetrate and remain in a targeted entity’s infrastructure. It didn’t take long for targeted attacks to use last week’s Boston Marathon bombing as bait to trick predetermined…
While spam botnets are well-known for sending out unwanted ads, especially for “rogue” pharmaceutical companies, they are also an integral component of malware distribution. In addition to sending out their own malware so that they can increase the size of their botnet, the miscreants behind these operations also earn revenue by installing additional malware supplied…
The perpetrators of targeted attacks want to maintain a persistent presence in a target network in order to extract sensitive data when needed. To maintain this, attackers seek to blend in with normal network traffic and use ports allowed by firewalls. Frequently, the malware used in targeted attacks uses HTTP and HTTPS to appear like…
Now that knowledge of targeted attacks, including APT activity, has become mainstream within the broader security community, I predict that 2013 will be a year in which our assumptions will be challenged. We have already seen how successful so-called “technically unsophisticated” attacks have been over the last few years, and I predict they will continue…