Apparently phishing high-level bureaucrats and diplomats attending a G20 summit isn't at all difficult ... all you have to do is to promise them nude pictures of former French first lady Carla Bruni and they'll open any attachment.
I am not making this up. A US security firm, FireEye, has revealed that in 2011, as part of an ongoing series of phishing expeditions that started in 2010, the delegates to the G20 summit were specifically targeted with an email that offered "To see naked pictures of Carla Bruni click here." According to FireEye, "Almost everybody who received the email took the bait," and it is known that representatives from the Czech Republic, Portugal, Bulgaria, Hungary, and Latvia took the bait.
Apparently opening the binary attachment not only displayed some X-rated images but, in the background, installed a Trojan that gave the attackers low-level access to the compromised machines.
According to a report in The New York Times, FireEye's investigation started during the attacks, and the company noted that the attacks were primarily targeted at politicians and bureaucrats and that the attackers were Chinese. Whether the Chinese government was involved is not clear.
What is so surprising about these attacks is that they were reportedly so successful. You'd think that the likes of diplomats would be given PCs with the most robust malware protection available and that a ploy as transparent and obvious as nude photos of someone famous wouldn't work on presumably sophisticated and respectable people such as diplomats. You would, quite obviously, be wrong.
So, have you got state-of-the-art malware defenses on all of your executives' computers? Do you think they'd be taken in by an offer to see Carla Bruni naked?