Krebs on Security is reporting that dozens of people — including government cyber-security contractors — had information from their workstations stolen when they were duped into opening a greeting card disguised as an official White House eCard.
When victims downloaded the eCard, their computers were infected with a variant of the ZeuS Trojan, a particularly malicious piece of malware that is well known for its role in online bank theft. In this instance, the Trojan uploaded over 2GB of PDFs and Microsoft Word and Excel documents to a server in Belarus.
According to Krebs, those who fell for the scam included an employee at the National Science Foundation’s Office of Cyber Infrastructure, an intelligence analyst with the Massachusetts State Police, an employee at the Financial Action Task Force, and an official with the Moroccan government’s Ministry of Industry, Commerce and New Technologies.
This attack reflects the increasingly “blurred boundaries” between online financial crime and espionage. It is unusual because, as Krebs notes, “most criminals using ZeuS are interested in money-making activities – such as swiping passwords and creating botnets – whereas the hoovering up of sensitive government documents is activity typically associated with so-called advanced persistent threat attacks, or those deployed to gather industrial and military intelligence.”
This story demonstrates the vital importance of cyber security management and the need to provide awareness training to all users. While it’s important to keep technology up to date, recent history demonstrates that technology alone will never be enough to block these kinds of attacks. At the end of the day, informed and vigilant personnel are the best defense against them.