Sykipot-wielding attackers now targeting US civil aviation firms
Posted on 05.09.2013
The Sykipot backdoor Trojan is not a new threat. First detected over six years ago, its existence and use have been tied almost exclusively to the cyber espionage activities of a group or groups of attackers that are likely to be based in China.


The malware itself hasn't changed much throughout the years, and its goal is simple and always the same - once it gains access to a system, it establishes an SSL connection to a C&C server from which additional malware is downloaded, then installed and run on the victim’s machine.

It has mostly been used in campaigns targeting the US defense industry and government contractors, along with some computer hardware manufacturers and telecoms. But in this last campaign spotted by Trend Micro researchers, the attackers have unexpectedly focused on companies working in the US civil aviation sector.

The Sykipot attackers are known for their use of zero-day exploits to deliver the backdoor to the victims, and that, along with their persistence and specific targeting, is another clue that points to their nature as state-sponsored hackers.

The researchers are warning US-based entities - and especially those in the civilian sectors that are important to the country's infrastructure - to be on the lookout for similar campaigns, urging them to keep their systems updated and securely configured, or to add virtual patching (or virtual shielding) solutions to their defenses if security upgrades are not possible for whatever reason.

"Since this attack typically arrives via email messages, it is important for organizations to implement a good social engineering program. This can help organizations, particularly employees, managers etc., to be wary of email messages that may carry malware related to campaigns like Sykipot," they pointed out.









Copyright 1998-2014 by Help Net Security.