The BlackBerry Threat Research and Intelligence team has been tracking activity from a group named “AeroBlade”, which has used spear-phishing to target US aerospace organizations over the past year in various phases.
It has been reported that they sent a malicious document that combined an embedded remote template injection technique with malicious VBA macro code to deliver the next stage and reach final payload execution. Evidence suggests that the attacker’s network infrastructure and weaponization became operational around September 2022.
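The two document-level indicators named above, an external attached template and an embedded macro project, can both be checked statically before a file is opened. The following is an added example written for this article, not code from BlackBerry, OPSWAT or the AeroBlade report; it unpacks a Word file as the OOXML zip it is, looks for an `attachedTemplate` relationship whose target is an external http(s) URL, notes whether a `vbaProject.bin` part exists, and builds its own constructed sample document (placeholder URL) so it runs offline.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespace used by OOXML package relationship parts (*.rels).
RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
ATTACHED_TEMPLATE = "/relationships/attachedTemplate"

def inspect_docx(data: bytes) -> dict:
    """Report external attachedTemplate URLs (remote template injection) and VBA parts."""
    findings = {"remote_templates": [], "has_vba": False}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        # A vbaProject.bin part means the file carries a macro project.
        findings["has_vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        for name in names:
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(RELS_NS + "Relationship"):
                # Word fetches an external attached template at open time.
                target = rel.get("Target", "")
                if (rel.get("TargetMode") == "External"
                        and rel.get("Type", "").endswith(ATTACHED_TEMPLATE)
                        and target.lower().startswith(("http://", "https://"))):
                    findings["remote_templates"].append((name, target))
    return findings

def is_suspicious(findings: dict) -> bool:
    """Flag the file for quarantine or sandbox detonation."""
    return bool(findings["remote_templates"]) or findings["has_vba"]

def build_sample_docx(template_url: str = "") -> bytes:
    """Construct a minimal .docx in memory as a test fixture (not a real lure)."""
    rels = ['<?xml version="1.0" encoding="UTF-8"?>',
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">']
    if template_url:
        rels.append(f'<Relationship Id="rId1" TargetMode="External" Target="{template_url}" '
                    'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"/>')
    rels.append("</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/settings.xml", "<w:settings/>")
        z.writestr("word/_rels/settings.xml.rels", "\n".join(rels))
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_docx(build_sample_docx("http://template.example.invalid/lure.dotm")))
```

A clean document yields no remote templates and no VBA part; the constructed sample is flagged because its settings relationships point at an external template URL.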
Itay Glick, VP of Products at OPSWAT, a global leader in critical infrastructure cybersecurity, has provided information to Digital Journal about this latest cybersecurity incident: “The suspected cyberespionage activities were reported by BlackBerry ‘with a high degree of confidence that this was a commercial cyberespionage campaign’ intended to ‘gain visibility over the internal resources of its target in order to weigh its susceptibility to a future ransom demand.’”
The attack has some interesting features, which suggest how attack technology is advancing. Glick identifies: “What’s noteworthy is that despite the growing sophistication of attacks we’re seeing on critical infrastructure recently, malicious actors continue to exploit one of the most basic and common methods—email-based spear-phishing.”
In terms of lessons that can be drawn from industry, Glick observes: “This campaign serves as a stark reminder that organizations, especially those within critical infrastructure, must remain vigilant by adhering to fundamental cybersecurity best practices.”
As to what suitable measures might entail, Glick states: “These include enabling Multi-Factor Authentication (MFA), promoting cyber awareness through training to identify suspicious links and attachments, and reviewing and enhancing email security settings.”
There are other measures that companies can adopt, which Glick pinpoints as: “Organizations should also invest in advanced email gateways with features that scan incoming emails with multiple antimalware engines, remove sensitive information, and sanitize files to proactively eliminate potentially harmful content.”
Another recommendation from Glick is “the use of sandboxes that are capable of analysing evasive and sophisticated threats, like those that were likely employed by AeroBlade that actively checked for signs of a sandbox environment or antivirus software.”
Glick’s final area of advice for concerned businesses is: “For organizations unsure about the effectiveness of their email security controls, a proactive step would be to evaluate their current setup with the help of trusted cybersecurity vendors.”
This should deliver advantages: “This proactive approach can help identify gaps and ensure a strong defence against both the risks associated with common email-based threats and the increasingly sophisticated ones we’re seeing today.”