Zero-Day Phishing Campaign Targets High Tech Intellectual Property
A large-scale phishing campaign leveraging a critical Adobe Flash zero-day has been targeting many different industries for weeks, including aerospace and defense, construction and engineering, high tech, telecommunications and transportation organizations.
While the zero-day has been known since early June, Adobe only recently released an out-of-band patch. According to ThreatPost.com, the zero-day affects Flash Player 188.8.131.52 and earlier for Windows and Macintosh, and 184.108.40.2066 for the Linux 11.x versions.
Known targets include systems running Internet Explorer on Windows 7 and below, and Firefox on Windows XP. The latest updates address a critical heap buffer overflow vulnerability that could lead to code execution, allowing an attacker to take control of the affected system.
FireEye released a report on the phishing campaign, identifying the China-based attack group as APT3. According to the report, after successfully exploiting a user, the group quickly dumps credentials, moves laterally to other hosts and then installs custom backdoors.
The group is after intellectual property, according to FireEye. A Kaspersky Lab survey last year found that one in every five manufacturing businesses has lost intellectual property to a security breach. Businesses often stay competitive on the strength of their Research & Development (R&D) teams, which matters especially for high tech, defense and telecommunication organizations.
Keeping that proprietary information safe from competitors and other adversaries is essential to staying in business. In this phishing campaign, attackers use stolen credentials to move laterally throughout an organization’s environment and install backdoors. By implementing a strong authentication security tool, organizations can break the chain of attack before attackers steal any data.
An advanced two-factor authentication solution can help reduce your risk of a data breach by requiring the use of another device, such as a smartphone, to verify an employee’s identity before they log into your network. Plus, custom controls and policies can prevent any login attempts from places you don’t do business in (like China or Russia), as well as login attempts from any anonymous networks (like Tor).
Using a VPN (virtual private network) isn’t enough for security on its own: passwords can easily be brute-forced or phished. Pairing two-factor authentication with your VPN logins can keep intellectual property and employee accounts safe from online attackers.
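As an added illustration, not code from the original post or from any vendor's product, the following Python sketches how a VPN login policy of the kind described above can be evaluated: deny anonymous networks, deny countries where the business has no presence, and require a verified second factor so that a stolen password alone never grants access. The allowed-country set, the IP-to-country table and the anonymous-network ranges are constructed placeholders (RFC 5737 documentation addresses), standing in for a real geolocation feed and a real Tor exit list.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy data (hypothetical, RFC 5737 documentation ranges):
# the countries this business operates in, a tiny IP-to-country table
# standing in for a geolocation feed, and ranges treated as anonymising.
ALLOWED_COUNTRIES = {"US", "DE"}
GEO_TABLE = [
    (ip_network("192.0.2.0/25"), "US"),
    (ip_network("192.0.2.128/25"), "DE"),
    (ip_network("203.0.113.0/24"), "XX"),  # country with no business presence
]
ANONYMOUS_NETWORKS = [ip_network("198.51.100.0/24")]  # e.g. Tor exits in practice


@dataclass
class LoginAttempt:
    user: str
    source_ip: str
    second_factor_ok: bool  # did the user's enrolled device confirm the login?


def lookup_country(ip):
    """Return the country code for ip, or None when the table has no match."""
    for net, country in GEO_TABLE:
        if ip in net:
            return country
    return None


def evaluate(attempt):
    """Apply the rules in order and return (decision, reason).
    None of the rules depends on the password being correct."""
    ip = ip_address(attempt.source_ip)
    if any(ip in net for net in ANONYMOUS_NETWORKS):
        return ("deny", "source is an anonymous network")
    country = lookup_country(ip)
    if country not in ALLOWED_COUNTRIES:
        return ("deny", f"geolocation {country!r} is not a business location")
    if not attempt.second_factor_ok:
        return ("deny", "second factor not verified")
    return ("allow", "policy satisfied")


if __name__ == "__main__":
    # Constructed attempts: a legitimate login, then the same credentials
    # replayed without the second factor, from abroad, and via an anonymous net.
    for a in [LoginAttempt("alice", "192.0.2.10", True),
              LoginAttempt("alice", "192.0.2.10", False),
              LoginAttempt("alice", "203.0.113.9", True),
              LoginAttempt("alice", "198.51.100.7", True)]:
        print(a.source_ip, a.second_factor_ok, evaluate(a))
```

Only the first attempt is allowed; the three replays of the same stolen credentials are each denied for a different reason, which is the point of layering these controls.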