Attacks On Government Email Continue

In June we blogged about highly targeted emails that we being sent to the gmail accounts of U.S. government officials. Contagio reports that the disclosure of these attacks has not stopped the attacks or caused the attackers to give up.   The latest attacks use a real report titled "Blinded: The Decline of U.S. Earth Monitoring Capabilities and its Consequences for National Security" from the Center for a New American Security (CNAS), a Washington D.C. think tank, as bait.  The victim is encouraged to subscribe to reports using their gmail credentials.  The concept appears to be that because using gmail [...]

2017-01-07T17:35:27+00:00 August 25th, 2011|spear phishing|

Social Media Outs CIA Agent

The effectiveness of spearphishing, the use of highly targeted email to compromise systems and data, depends upon the miscreant's ability to craft an email that is enticing to the recipient.  This presents the phisher with two problems -- identifying the target and determining what would entice the target. After years of clandestine efforts, secret operatives of the United States were able to kill bin Laden.  Running this operation was a CIA employee whose identity is a closely guarded national secret.   The Observer reports that his cover was blown using Flickr.  The White House published a photo from the Situation [...]

2017-01-07T17:35:27+00:00 August 16th, 2011|SP Guard, spear phishing|

Former Director of National Intelligence McConnell Discusses Cybersecurity

On August 7, 2011, former Director of National Intelligence Vice Admiral Mike McConnell (USN Ret) appeared on CNN's State of the Union with Candy Crowley.  The Admiral discussed the risks of industrial espionage and cyber warfare.  He described the security breaches in McAfee's recently released  Revealed: Operation Shady RAT as "the tip of the iceberg."  You can see the entire interview at: http://sotu.blogs.cnn.com/2011/08/07/fmr-dni-mike-mcconnell-on-the-threat-of-cyber-attacks/

2017-01-07T17:35:27+00:00 August 11th, 2011|spear phishing|

Defcon Hacking Conference — Target the People

Last weekend the world's largest hacking convention, Defcon, was held in Las Vegas.   Reuters reported on the conference: [H]ackers taking part in the competition on Friday and Saturday found it ridiculously easy in some cases to trick employees at some of the largest U.S. companies to reveal information that can be used in planning cyber attacks against them. This was the second year that Defcon included a contest in "social engineering," in which the hackers tried to deceive people into disclosing information or taking ill-advised actions, such as opening an infected attachment, downloading malware or visiting a malicious website. [...]

2017-01-07T17:35:27+00:00 August 11th, 2011|SP Guard, spear phishing|

Where Have All My Secrets Gone?

McAfee has just released a whitepaper,  "Revealed: Operation Shady RAT," in which they investigated  one of the secret command and control networks which have been surreptitiously installed in networks around the world.  McAfee reports that the purpose of these secret networks is to steal data. What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth — closely guarded national secrets (including from classified government networks), source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts, SCADA configurations, design [...]

2017-01-07T17:35:27+00:00 August 5th, 2011|SP Guard, spear phishing|

Iconix Whitepaper – Online Attacks Get Personal

Today Iconix released its whitepaper, "Online Attacks Get Personal."  In this whitepaper,  Iconix discusses the disturbing trend of email attacks moving from general, widely distributed scams to highly personalized spearphishing emails. This trend is occurring because technology favors the social engineering schemes employed in spearphishing that are used to deceive recipients.  It is technically easy to fake the sending email address that is displayed to the recipient.  A little internet research yields substantial personal information that can be used to deceive the recipient.  Email is the ideal medium for deception because the attacker has at his command all of the [...]

2017-01-07T17:35:27+00:00 August 1st, 2011|SP Guard, spear phishing|