New Sykipot Malware Campaign Targets Aerospace Industry

Sykipot campaign

“We have detected a new wave of Sykipot campaigns that has been running during the past weeks,” Blasco wrote in his blog. “There are several changes between the new Sykipot campaigns and the older ones. The first difference is that in previous campaigns the Sykipot authors mainly used file-format exploits to gain access to the systems through spearphishing mails. This time it seems they are mainly using drive-by-download exploits like CVE-2011-0611 affecting Flash Player or the new Windows XML Core zero-day vulnerability."

In the current attack, emails carry a malicious Internet link that exploits a browser vulnerability; the resulting infections connect to compromised US-based servers, which redirect the connections to command and control servers that appear to be located in China.


“Sykipot can inject itself into browsers, Outlook and a wide range of computer processes,” explains Ram Pemmaraju, CTO of Strikeforce Technologies, a New Jersey-based developer of authentication, keystroke encryption and mobile security products. “It functions as a keylogger and specifically looks for smart card information so it can capture the PIN and gain access to the data on the systems. It can usually evade detection by scanners and can issue commands that it receives through the C&C servers to download more malware or upload any encrypted file. It also uses custom encryption, as opposed to a standard encryption scheme.”


Strikeforce is offering its anti-keylogging technology as a potential solution to this threat.

“Antivirus is very ineffective against spear phishing attacks,” said George Waller, executive vice president and co-founder of Strikeforce. “We have a keystroke encryption technology that encrypts each and every keystroke in real time. We then send the data to our own out-of-band pathway. Then, we decrypt the keys into the actual application. This prevents Sykipot from accessing the PIN number, as well as the data that is being protected.”

Waller points to studies indicating that keyloggers are used in 80 percent of today’s data breaches and are often embedded within existing hacking tools in order to produce even more formidable malware threats.

“The malware guys are way ahead of the antivirus guys,” Waller added. “In most cases, keyloggers can defeat two-factor authentication. Even if you have strong authentication, a keylogger can still access the data. We think there should be more mandates around keystroke encryption.”