Following the news that a hacking group based in Pakistan is attempting to carry out targeted malware attacks against nation states and individual citizens, IT security experts commented below.
Rob Shapland, Principal Cyber Security Consultant at Falanx Group:
Why are government targets being duped by such unsophisticated methods?
“The Gorgon group are running two types of campaign from the same infrastructure – highly targeted spear phishing attacks against government targets, and general spam emails aiming to install malware. The spear phishing attacks are more sophisticated and use a convincing lure that even trained individuals may fall for, especially as the attacks are using a URL shorterning service so the traditional trick of hovering over the link to see where it is going will not work.”
Do government organisations need to change their security approach/ infrastructure to combat/ prevent these attacks?
“There’s two surprising elements that the hackers are using that basic cyber defences should prevent. The exploit used is from 2017 and should already be patched. The Gorgon group are also using Microsoft Word macros, which ideally should be disabled by default. These two simple fixes would have prevented these attacks.”
What guidelines can individuals follow to defend against spear-phishing campaigns?
“To avoid falling victim to spear phishing attacks, think about the motivation of the attacker: they need to get you to click on a link or attachment. The attackers will use something that makes you very curious, or angry, or fearful. So, if you really want to open that link or attachment, this is when to be on your guard. Check the link – does it look legitimate? Does it use a URL shortening service like Bitly that might be masking the true location? Also check for spelling mistakes, grammar errors and unknown sender email addresses.”
Jake Moore, Security Specialist at ESET:
“Targeted phishing emails are becoming more and more convincing to the general user particularly when the hacker has done their homework on the company. Such techniques as “out of office” replies or “this mailbox is full” simply add validation to some users which can be a way in.
In this attack there malicious attachments such as word documents have been seen included in the emails. How hackersthen take control is by requesting the user to enable macros and when this isn’t fully understood, the unbeknown target simply clicks through to quickly read the attachment. Organisations can simply protect their infrastructure and staff from falling into them traps by using network segmentation in air gapped situations where possible, patching against the latest threats and then simply preventing users the ability to enable macros which has been a technique used by hackers for a long time now.
Educating users on the current threats and their means of attack can go a long way towards protecting your network, utilising technologies like threat intelligence and real time network scanning can help form this knowledge internally and better help your defence.”
