US aerospace targeted by spear-phishing campaign

Organizations should invest in advanced email gateways with features that scan incoming emails.

North American airlines are leading the return to the industry's profitability - Copyright GETTY IMAGES NORTH AMERICA/AFP WIN MCNAMEE

The BlackBerry Threat Research and Intelligence team has been tracking activity from a group named “AeroBlade”, which has used spear-phishing to target US aerospace organizations over the past year in various phases.

The group reportedly sent a malicious document that combined an embedded remote template injection technique with malicious VBA macro code to deliver the next stage, leading to execution of the final payload. Evidence suggests that the attacker’s network infrastructure and weaponization became operational around September 2022.

Itay Glick, VP of Products at OPSWAT, a global leader in critical infrastructure cybersecurity, has provided information to Digital Journal about this latest cybersecurity incident: “The suspected cyberespionage activities were reported by BlackBerry ‘with a high degree of confidence that this was a commercial cyberespionage campaign’ intended to ‘gain visibility over the internal resources of its target in order to weigh its susceptibility to a future ransom demand.’”

There are some interesting features in terms of the attack, which suggest a growing advance in technology. Glick identifies: “What’s noteworthy is that despite the growing sophistication of attacks we’re seeing on critical infrastructure recently, malicious actors continue to exploit one of the most basic and common methods—email-based spear-phishing.”

In terms of lessons that can be drawn from industry, Glick observes: “This campaign serves as a stark reminder that organizations, especially those within critical infrastructure, must remain vigilant by adhering to fundamental cybersecurity best practices.”

As to what suitable measures might entail, Glick states: “These include enabling Multi-Factor Authentication (MFA), promoting cyber awareness through training to identify suspicious links and attachments, and reviewing and enhancing email security settings.”

There are other measures that companies can adopt, which Glick pinpoints as: “Organizations should also invest in advanced email gateways with features that scan incoming emails with multiple antimalware engines, remove sensitive information, and sanitize files to proactively eliminate potentially harmful content.”

Another recommendation from Glick “is the use of sandboxes that are capable of analysing evasive and sophisticated threats, like those that were likely employed by AeroBlade that actively checked for signs of a sandbox environment or antivirus software.”

Glick’s final area of advice for concerned businesses is: “For organizations unsure about the effectiveness of their email security controls, a proactive step would be to evaluate their current setup with the help of trusted cybersecurity vendors.”

This should deliver advantages: “This proactive approach can help identify gaps and ensure a strong defence against both the risks associated with common email-based threats and the increasingly sophisticated ones we’re seeing today.”
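As an added illustration of the attachment scanning recommended above (this is not code from BlackBerry, OPSWAT or the article), the sketch below flags the indicator that remote template injection leaves in a Word file: an `attachedTemplate` relationship whose target is external. The function names `scan_ooxml` and `make_sample`, and the placeholder URL, are hypothetical; the sample is a constructed minimal archive, not a working document.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted mail, prefer defusedxml

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"

def scan_ooxml(data: bytes) -> dict:
    """Report external relationship targets and embedded VBA in an OOXML file."""
    findings = {"external_templates": [], "other_external": [], "has_vba": False}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            # Macro-enabled files carry their code in vbaProject.bin.
            if name.lower().endswith("vbaproject.bin"):
                findings["has_vba"] = True
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode", "").lower() != "external":
                    continue
                hit = (name, rel.get("Target", ""))
                # A template fetched from outside the package is the key signal;
                # other external targets (e.g. hyperlinks) are often benign.
                if rel.get("Type", "").endswith("/attachedTemplate"):
                    findings["external_templates"].append(hit)
                else:
                    findings["other_external"].append(hit)
    return findings

def make_sample(target=None) -> bytes:
    """Constructed sample: a zip holding only the parts the scanner reads."""
    rel = ""
    if target:
        rel = ('<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
               'officeDocument/2006/relationships/attachedTemplate" '
               f'Target="{target}" TargetMode="External"/>')
    rels = ('<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns='
            '"http://schemas.openxmlformats.org/package/2006/relationships">'
            f'{rel}</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/settings.xml", "<w:settings/>")
        zf.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_ooxml(make_sample("https://template.example.invalid/t.dotm")))
    print(scan_ooxml(make_sample()))
```

A hit in `external_templates` is a reason to quarantine the attachment for sandbox analysis rather than proof of malice, since the macro code usually lives in the remote template and not in the document itself.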

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
