Trend Micro researchers continue to monitor the evolution of the threat

Sep 9, 2013 12:05 GMT

The Sykipot malware, which was first spotted back in 2007, is currently being used by cybercriminals to gather intelligence on the civil aviation sector in the United States, researchers from IT security company Trend Micro warn.

According to experts, in the past, Sykipot mainly targeted the US defense and other sectors, such as telecommunications, government contractors, aerospace, and computer hardware.

It’s uncertain at this point why the cybercriminals behind Sykipot have shifted their attention to the civil aviation sector. However, researchers say the targeted organization is consistent with the targets of their previous attacks.

Over the past period, the cybercriminals have changed not only their attack techniques, but also the malware itself.

Until around one year ago, Sykipot was mainly distributed via email attachments. However, since July 2012, cybercriminals have preferred drive-by exploits.

In addition, the individuals behind these campaigns have started moving away from file-based exploits in favor of DLL or process injection.

Some changes have also been observed in the way the threat communicates with its C&C server.