A new round of hacking attacks is being directed specifically against Israel, cyber-security giant Check Point believes. The exploit, which uses infected Microsoft Word documents to insert malicious code into a user’s computer, “appears to be politically motivated, instigated against a particular nation-state,” the company said.
With that, said the company, the identity of the hackers behind the attack is unclear, and may never be known, because it is almost impossible to trace such attacks back to the original server that issued them. And, while Check Point would not name the specific targets of the attack, it said that they included Israeli public (i.e., government) and private organizations, and that the attacks had been going on “for some time.”
“There are many reasons campaigns can end up with a lopsided geographical distribution of infection victims; that, alone, does not necessarily imply a ‘targeted campaign’ scenario,” said the company. “However, this case was different. Israeli targets were not just over-represented; the list of targeted Internet addresses contained a number of Israeli government agencies, security industry firms, municipal agencies, research institutions and even hospitals. In total, over 200 machines and 15 distinct Israeli firms and institutions were targeted.”
The role of defense, said Check Point, is – as usual – critical. “Regardless of the campaign’s origins, the advice for defending against exploit kits as an attack vector remains the same: update your software; update your anti-virus signatures; audit files with sandbox analysis before they enter your network; employ anti-bot and post-infection technology to assist in identifying hosts that have been compromised; use a script blocker for your web browser; and be wary of any web links or documents that came unsolicited or from a party you don’t fully trust.”