
What You Need to Know About the "Sandworm" Exploit

You may have heard about last month's hack of computers belonging to NATO, Ukrainian and European Union representatives. The attack vector was a classic - a loaded email; classic enough that at first I wondered why the attacks were so successful, post-Stuxnet. Every target opened an email with an infected Microsoft PowerPoint document. The PowerPoint was executable. Under ordinary circumstances, users are provided with a security warning that they must override when running and saving executable PowerPoints. I haven't been able to find confirmation in the news as to whether users read and confirmed these security warnings before running the loaded files; I haven't been able to get my hands on a copy of Sandworm to see for myself, either (please leave a message or email me if you have such a copy). In some sense, the incompetence entailed in triggering the infection is a bit more forgivable, as apparently this infection has been running unabated since its first succe...