Yesterday, the UK foreign secretary, William Hague, explained to a security conference in Munich how cyber criminals were trying to infiltrate the UK government and defense contractors.
According to a BBC report, Mr. Hague explained that attackers had infected government computers with the Zeus trojan (Sophos calls Zeus “Zbot”) in attacks similar to those on the Department of Homeland Security last June.
While I commend the government for publicly addressing these issues, I certainly hope this isn’t news to those in the MoD (Ministry of Defence) or defense industries.
The types of threats Mr. Hague outlined are not just hitting the UK government. These types of malware, social engineering and targeted phishing are gaining momentum against businesses all over the planet.
Most of the examples he cited began as email attacks. While best practices suggest that you should block all executable content from entering your mail gateways, booby-trapped documents are still a risk.
Spend some time educating your users that Microsoft Office documents, PDFs and other commonly used file types can be dangerous. If you are not expecting a document, or if you find it out of context, don’t open it.
Phone the person who appears to have sent it or use some other out-of-band communications method to confirm the document isn’t phony.
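The mail-gateway advice above, as an added Python example (not code from the original post or from Sophos): it classifies attachments by their leading bytes rather than by file name, so a renamed executable is blocked, while PDFs and Office files, which pass an executable filter, are routed for deeper scanning. The verdict names, the magic-byte table and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes ("magic numbers") of formats a gateway cares about.
EXECUTABLE_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}
DOCUMENT_MAGIC = {
    b"%PDF": "PDF",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 (legacy Office)",
    b"PK\x03\x04": "ZIP container (OOXML Office or archive)",
}

def classify(payload: bytes):
    """Return (verdict, kind) from content, ignoring the claimed name/type."""
    for magic, kind in EXECUTABLE_MAGIC.items():
        if payload.startswith(magic):
            return "block", kind
    for magic, kind in DOCUMENT_MAGIC.items():
        if payload.startswith(magic):
            return "scan", kind  # not executable, but can still carry an exploit
    return "pass", "unrecognised"

def triage(raw_message: bytes):
    """List (filename, verdict, kind) for every attachment in a raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        results.append((part.get_filename(), *classify(payload)))
    return results

def build_sample() -> bytes:
    """Constructed test message: harmless bytes that only mimic file headers."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly report"
    msg.set_content("Please see attached.")
    # Executable header hidden behind a .pdf name and MIME type.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for row in triage(build_sample()):
        print(row)
```

A "scan" verdict only means the file is a document type that needs content inspection or sandboxing; it says nothing about whether the document is safe.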
For more information on how malicious PDF documents can be used to compromise your computers, check out “Finding rules for heuristic detection of malicious PDFs: With analysis of embedded exploit code”, the paper that Paul Baccas from SophosLabs presented at the Virus Bulletin 2010 conference.