Here is a story that shows you always have to keep your guard up when dealing with cyber-security, as the threat landscape is constantly changing and the threat actors will always choose vectors that are in the news.

This particular attack comes right back here to Smart Thinking – malware embedded into redistributed images from the James Webb Space Telescope.

Hackers hide malware in James Webb telescope images (bleepingcomputer.com)

The attack is a combination of an email phishing campaign, with some social engineering to get you to access the malicious document s and space images – and has been named ‘GO#WEBBFUSCATOR’. The attack was discovered by researchers at Securonix and they found it is written in Golang, a cross-platform (Windows, Linux, Mac) programming language, cyber criminals are using more frequently as it offers increased resistance to reverse engineering and analysis.

The infected image is of the galaxy cluster SMACS 0723, published by NASA in July 2022. That’s what you see if you open it in an image viewer but open it in a text editor and a Base64 encoded malicious payload is revealed.

The Bleeping Computers article describes the details of the attack process.

I regularly feature Nasa projects in my “Because It’s Friday” feature – a feature that developed as this website cannot just be cybersecurity doom and gloom. The topics jump around and cover such things as artificial intelligence, flying cars, funnier technology stories and of course space – I am a child of the ’60, I watched Neil Armstrong step off onto the moon.

Let me say that I only source my images from the official NASA James Webb Space Telescope website – mainly because I always want to credit the images I use (that is my ex-professional photographer side coming out), not so much for the cyber security concerns. Now of course my thinking may be different.

Your takeaway from this story – read the first paragraph, above, again and always read “Because It’s Friday”!

Clive Catton MSc (Cyber Security) – by-line and other articles

p.s.

Before I wrote this blog past, I had already scheduled this week’s “Because It’s Friday” post – of course it features an image from the James Webb Space Telescope! Sourced directly from NASA and credited to their people.

Do you want your team to recognise phishing emails and social engineering attacks?

Have a looking at our cybersecurity training site over at CyberAwake:

CyberAwake | Cyber Security Experts and Awareness in Lincoln

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Do you want your team to recognise phishing emails and social engineering attacks?

Further Reading