F-Secure Labs recently released an analysis of the NanHaiShu Remote Access Trojan, which they believe was used to target “government and private-sector organizations that were directly or indirectly involved in the international territorial dispute centering on the South China Sea.”
So what does it look like when you’re hit with a cyber attack that may involve some of the most powerful nations on earth?
Pretty harmless, right?
But click on that attachment and you’ve invited hackers — possibly even attackers backed by a nation-state — into your network.
An attachment owning fools in 2016? The first piece of internet security advice you ever heard was probably, “Don’t click on attachments you weren’t expecting!” So who’d click on that?! Employees at prestigious international law firms, government agencies and possibly even the world’s most powerful political parties.
So how is this happening?
Maybe it’s a lesson that doesn’t sink in, no matter how many times you’ve heard it. Or maybe cyber criminals have just gotten so good at tricking us with them that, like so many old threats, it’s new again.
Given that this method of infection is being used by attackers at the highest levels of cyber espionage, we have to assume the latter.
Where attackers used to send mass emails out with infected attachments hoping to infect just a small percentage of the recipients, these new attacks utilize “spearphishing” techniques.
“These are communications that appear legitimate — often made to look like they came from a colleague or someone trusted — but that contain links or attachments that when clicked on deploy malicious software that enables a hacker to gain access to a computer,” The Washington Post explained.
These emails are carefully crafted or “socially engineered” to seem relevant. Often, as in the case above, they play on our greatest desires, such as money in the form of salary or bonus information.
One big reason attackers have gotten so much better at targeting us is that so many of us have decided to make details about our lives public via social media. This is why hackers love your LinkedIn profile.
So should you scrub your profile and hide in a time capsule to avoid these attacks?
You should definitely be mindful that strangers know more about you than ever and be wary of strange email that seems overly eager to get you to click on a link or attachment. But these threats are so pervasive and potentially harmful that they need to be addressed at an organizational level.
Our Labs team put together a Threat Intelligence Brief with several recommendations for avoiding RATs like NanHaiShu, including disabling the opening of email file attachments sent from unverified sources as an enforced policy for all installed email programs.
That way, you’re unlikely to be the weak link that attackers are always looking for.