Threat actors, Group 74, have targeted people attending the Cyber Conflict US Conference being held in Washington next month. They have distributed a flyer that delivers a VBA payload. Cleverly, the bad guys copied the text of the real flyer from the conference website and used it to craft their attack. While this isn’t a new technique, it’s interesting that they are specifically focussing on security experts, presumably as a way of boosting their credibility in the hacker community.
While you’d think cybersecurity pros would be a hard target to hit, they are surprisingly trusting at their own events.
Earlier this year, Darren Kitchen and Shannon Morse from Hak5 revealed that they dropped 100 USB Rubber Duckys (USB devices that can be used to deliver malicious payloads to devices by exploiting weaknesses in the HID interface) at this year’s RSA Conference in San Francisco. Almost two-thirds were opened by unsuspecting conference delegates.
And, three years before, while I was at the RSA event during the revelation of the “goto fail” vulnerability in Apple’s TLS implementation, I was amazed at the number of people connecting their Macs to the conference wireless network before the patch was released.
The report by Cisco Talos is interesting, and it points to a growing reality. Today’s threat actors aren’t indiscriminately targeting broad audiences. They are focussing their efforts on specific groups and exploiting weaknesses, such as over-confidence, in order to deliver malicious payloads.
As always, it is important to remain vigilant, regardless of your working context.