Arabic-speaking cyberspies targeting BOFHs with crude but effective attacks An Arabic-speaking cyber-espionage group, active since 2012, has stepped up its attacks over the last six months, according to new research from Kaspersky Lab. The so-called "Gaza cyber-gang" focuses on attacking government entities, especially embassies, and primarily targets information technology and incident response staff …
Extensive analysis by the Bletchley dept of chaps smoking pipes, has decoded that the common part of these messages is the use of ".exe". From the French "exécuter" which suggests that an immediately retaliatory strike on Johnny Frenchman is the only rational course of action
If your IT staff are incompetent enough...
a) allow attachments through to desktops without holding them in quarentine
b) actually open email attachments
c) not have AV/malware on PCs/Macs/mobiles/tablets under their control
d) Not realising any of the above are basic, important security measures
Should be taken out back, severely beaten with a length of CAT5 and then given their marching papers!
Christ, even the least techie people in my family understand these core foundational tenets of good security, let alone people paid to know this stuff by rote.
Why oh why did Microsoft not make the default "always show file extensions" like 15 years ago -- to me, for security purposes, showing the FULL file name by default on a system like Windows (where system behavior varies based on file extension) is exactly as obvious as the decision to turn off autorun. But here we are, with systems still supressing important file information by default.
<sarcasm> Just wait till they develop the next level of sophistication, zip of exe.</sarcasm>
Anyone running a milter that lets through a exe or zip of contect without blinking wants shooing with a length of ftp, ESPECIALLY those in a position of a company large enough to be a target. Its not point and click for monkeys people role, test your own stuff, do a professional job.
Of course then you might find people killing your mail server cluster with recursive zip attacks, but hey, its not 1999 anymore and you should be capable of stopping that too.
I did bring down a entire cluster sending someone carrying the EICAR test string inside this exploit payload via mail who absolutely insisted on pain of my dismissal to do so despite my dire warnings.Fun call with the cluster admin at 10pm on a friday who put in place proceedures to not have managers strong arm security staff with requests against their better judgement... And I hope harden the cluster of mailservers that it took out...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
