It’s a fact that most websites today ? including ClearanceJobs.com ? are optimized for use on a modern web browser such as Firefox or Chrome. But the reality for many defense industry professionals is you don’t have a choice in what browser you use, and the choice across government offices is Internet Explorer.
Exploits in Internet Explorer were found last week which allowed attackers user privileges on an infected PC. A few days after the initial zero-day vulnerability three new exploits were found which specifically targeted defense contractors and were attributed to Nitro, a hacker group in China.
“The exploit is being used in a very targeted way, spear-phishing certain industries and installing remote backdoors,” a Barracuda spokesperson said in Threatpost, the Kapersky Lab Security News Service. “The concern is that it could be replicated easily by people who sell the Black Hole exploit kit ? and expose a much larger number of people.”
The attack is being used in spear phishing attacks which experts believe are being directly targeted to individuals in the defense industry. One click on an email triggers the attack.
Microsoft issued an update last week. Defense industry users likely don’t need to worry about the issue, as their PCs will update automatically. Any IE user who isn’t signed up for automatic updates should manually update their machine immediately.
It’s an important reminder that every patch will always be a day or two behind the vulnerability. Users should be incredibly cautious of all online activities, especially links or questionable emails, regardless of the browser used.