Sykipot-wielding attackers now targeting US civil aviation firms
Posted on 05.09.2013
The Sykipot backdoor Trojan is not a new threat. First detected over six years ago, its existence and use have been tied almost exclusively to the cyber espionage activities of a group or groups of attackers that are likely to be based in China.


The malware itself hasn't changed much throughout the years, and its goal is simple and always the same - once it gains access to a system, it establishes an SSL connection to a C&C server from which additional malware is downloaded, then installed and run on the victim's machine.

It has mostly been used in campaigns targeting the US defense industry and government contractors, along with some computer hardware manufacturers and telecoms. But in the latest campaign spotted by Trend Micro researchers, the attackers have unexpectedly focused on companies working in the US civil aviation sector.

The Sykipot attackers are known for their use of zero-day exploits to deliver the backdoor to the victims, and that, along with their persistence and specific targeting, is another clue that points to their nature as state-sponsored hackers.

The researchers are warning US-based entities - and especially those in the civilian sectors that are important to the country's infrastructure - to be on the lookout for similar campaigns, urging them to keep their systems updated and securely configured, or to add virtual patching (or virtual shielding) solutions to their defenses if security upgrades are not possible for whatever reason.

"Since this attack typically arrives via email messages, it is important for organizations to implement a good social engineering program. This can help organizations, particularly employees, managers etc., to be wary of email messages that may carry malware related to campaigns like Sykipot," they pointed out.









COPYRIGHT 1998-2014 BY HELP NET SECURITY.