“0day”: Civil Society and Cyber Security

Greg and I have put up a new post on the IWM and Malware Lab about 0day exploits and Civil Society organizations. It's not about coordinated 0day attacks but rather some general trends and patterns that we’re seeing. We’re finding that the websites of civil society organizations are being used to push malware — usually through iframe injection — and that malware campaigns often leverage human rights related themes. Also, despite the fact that some attacks may be unintentional (e.g. mass iframe injection), the result is a situation in which civil society organizations are intimidated and their operations are disrupted. The key issues we identified are:

  • Civil society organizations are compromised and used as vehicles to deliver 0day exploits
  • Attackers have access to multiple 0day exploits and switch their attacks to leverage newer exploits as they become available
  • Attackers leverage human rights issues as the context for malware distribution
  • The attacks are effective; civil society organizations continue to propagate malicious links within their communities without realizing it.
