North Korean Spear-Phishing Campaign Attacks U.S. Firms – Expert Commentary

By ISBuzz Team
Writer, Information Security Buzz | Sep 16, 2019 06:54 am PST

Prevailion researchers discovered an ongoing spear-phishing campaign, dubbed “Autumn Aperture,” that targets U.S.-based firms. The campaign is possibly linked to the North Korean Kimsuky threat actors and involves sending victims trojanized documents over email. Additionally, the hackers use obscure file formats, making the documents difficult for antivirus products to detect.

Alexander García-Tobar, CEO and Co-founder
September 16, 2019 2:57 pm

The Autumn Aperture attack is a prime example of how sophisticated and convincing cybercrime tactics have become — phishing attacks in particular. These hackers are impersonating senders that are known to the targets, hiding malware in legitimate-looking documents, and sending spoofed emails that their victims may even be expecting.

Today, spear phishing plays a role in at least 90 percent of all cyberattacks, and it is highly effective. To stop attacks like this, the first essential step is to prevent malicious emails from ever entering inboxes. Most email defenses will focus on the content of the messages and the links they contain, but given the rapidly evolving attack techniques and use of obscure file formats in attacks like these, content-centric systems don’t always catch the bad guys. It’s therefore critical to confirm the identity of the sender, because the vast majority of phishing schemes use fake identities and are virtually indistinguishable from legitimate emails.

Properly enforcing DMARC and implementing advanced anti-phishing solutions that validate senders’ identities add a crucial defensive layer to keep these attacks at bay. It’s time organizations stop putting the onus on their employees and partners to identify and avoid fraudulent emails, and implement known best practices to proactively defend their inboxes.
