Malware can already be deadly for a computer, but if a piece of malware became the computer equivalent of a spy or secret agent, what would happen? Would we be able to block applications well enough to keep this super-spy out of the network, or take other steps to defend ourselves? Well, take a gander at what happened to Digital Bond, a security consultancy company that looks to safeguard computers against infrastructure attacks.
Ars Technica said the company was attacked by “James Bond-style malware” that was included as a link in an email. The sender posed as the company’s CEO and made reference to a paper the CEO published. A link in the email led to malicious files that, if opened, would have snuck into employees’ machines through remote backdoor methods, and that were detected by only seven of 42 antivirus programs.
“It’s a bit concerning that a company whose sole focus is securing industrial control systems should be spear phished,” wrote Reid Wightman, a Digital Bond researcher, on the company’s blog. “The attacker clearly went to enough trouble to try to understand ICS security lingo to get the employee to open the link, and had to compromise a DNS server.”
These attacks are custom-designed to exploit email targets and are referred to as advanced persistent threats, Ars Technica said. No employee clicked on the malicious file and there are no indications that the company’s computers have been affected, but it’s disconcerting to know that hackers and online scam artists can be so good as to gain this kind of access and have this kind of knowledge.
Dale Peterson, the CEO whose identity was co-opted in this scheme, said the email was forwarded to him, as the employee who received it was away. While the threat was ducked this time, companies need to have tools in place to avoid things like this, such as mechanisms to whitelist and blacklist email addresses and applications.