An old attack vector has re-emerged with a twist. This time the attackers are patient, and have defined the attack process in a manner that will increase the effectiveness.
An email with a semi-customized subject matter is sent to a selected group of targets all sharing a similar interest – CYBERSECURITY. The email is about a job opening and has two attachments. The first attachment is labeled job description. If the email recipient is interested and clicks on the download – you guessed it – malware is downloaded and installed. The second attachment is for the recipients that want to unsubscribe. If you click on that download, yes once again malware is downloaded and installed.
Targeting the high-end workforce in the cybersecurity field with the promise of a new job has been around and tried before with a fair degree of success. The malicious “unsubscribe” link has also been done before, but this is the first time they have appeared together.
This was no amateur job. It appears the designer of this cyber weapon really looked into the background of the group they were targeting. It is more than likely they even employed psychological profiling techniques in the skillful crafting of the textual body of the email to peak the interests of their targets.
There is a substantial amount of applied research and analysis underway in the area of behavioral modeling and profiling of malicious cyber attackers – both outsiders and insiders. Some of this research has achieved a fair degree of success. This success has driven cyber attack designers to sit up and take notice and they are now using our defensive methods against us.