Threats to online security are nothing new—but are generally noteworthy, particularly in regard to how to protect against said threats—but threats to online security with a specific target in mind are something rather different. A new zero-day attack recently spotted on Internet Explorer (IE) 10 has just such a focus, specifically, members of the United States military. The attack in question was spotted by security research firm FireEye, and it's referring to the attacks by the somewhat ominous name Operation SnowMan.
FireEye (News - Alert) reportedly spotted the attack back on February 11, which was in turn suggested to have been launched for two critical reasons: one, it was the start of a holiday weekend, and two, it was about the time that a major snowstorm was kicking in, which looked to compound problems for the user base. Reports further suggest that the group involved in Operation SnowMan was likely connected to similar operations, including Operation DeputyDog and Operation Ephemeral Hydra, and was also connected to a host of other attacks, targeting everything from law firms and mining companies to Japanese firms and elements of the United States government.
Admittedly, going after the Veterans of Foreign Wars website may seem like an odd target—especially when there are much more frequently visited websites out there—but if the target was members of the military, then this does make some sense. It's further odd to use an attack with so many ways to work around it; even something as simple as switching browsers would seem to have a mitigating effect, let alone just keeping the browser up to date would effectively render this attack moot. But this attack still shouldn't be taken lightly, as word from the United States' Computer Emergency Response Team (CERT) suggests that no way has been found, as yet to otherwise fix the attack. However, Microsoft is still at work on the problem, according to word from FireEye, and those who haven't already made the move to take advantage of one of the mitigation tools should likely do so.
Staying protected online is a matter of responsibility for everyone, and Operation SnowMan shows that point well. Keeping things up to date and running the necessary protective tools is a big part of that, and those who do will likely end up rewarded with much fewer headaches.