A quick blog post that demonstrates yet again that the adversaries we face are quick to pounce on user curiosity for their own gain. We all know that yesterday the White House released the POTUS’ birth certificate…and before Donald Trump could even finish congratulating himself and plugging the next episode of “The Apprentice,” the malware writers were all over this news.
As we’ve seen time and time again over the past year, the bad guys are using poisoned SEO techniques to feed malicious links to our users. We saw it with Kate Middleton and with Charlie Sheen…now the POTUS’ birth certificate. The user is directed in this case (as is so often the case) to a Fake A/V exploit. Not just the “give me your credit card number” type – no, the type that actually pops the machine, sets up C&C, gets ready to do the real dirty work. We have to come to grips with the fact that the user is the primary target for our adversaries nowadays – RSA = spear phish…Oak Ridge National = spear phish…etc, etc. Users are now the unwitting accomplices to the breach of our networks – and training alone isn’t going to solve the problem.
Nothing is sacred out there, folks – keep fighting the good fight. Oh – and you might want to consider protecting the network from the user and the user from him or herself. You can keep their interaction with untrusted content from impacting the security of your network. You can arm your browsers – putting the user in a bubble while interacting with untrusted content, etc. That’s what we do – and not only do you keep the infections from reaching the desktop and then on to the network – but you get a whole bunch of really cool forensic detail that can be used to feed your larger infrastructure.