You Are A Security Risk — Wall Street Journal

The September 26, 2011 edition of the Wall Street Journal contained a special section dedicated to information security. In an article entitled "What's a Company's Biggest Security Risk? You.", reporter Geoffrey A. Fowler details the security gaps that are created by people. Fowler writes: We are the weakest link. Hacking attacks against companies are growing bigger and bolder—witness a string of high-profile breaches this year at Sony Corp., Citigroup Inc. and others. But gone are the days when hackers would simply find holes in corporate networks to steal valuable data. Large companies have grown wise to the threat of hacking, and [...]

September 30th, 2011 | SP Guard, spear phishing

Iconix Adds Fraud Filtering to SP Guard to Block Spear-Phishing Attacks

ICONIX, Inc., the industry leader in visual email solutions, announced today that it has added fraud filtering capability to SP Guard™, its spear-phishing defense product. Now, in addition to highlighting legitimate messages with an icon in the inbox, enterprises will be able to block fraudulent messages pretending to be from their organization or their trusted partners. Recent security breaches at many major enterprises have been widely reported in the press. Cisco's June 2011 study, "Email Attacks: This Time It's Personal", reported that suspicious emails with suspicious links are being replaced by highly targeted emails that do not rely on [...]

September 27th, 2011 | SP Guard, spear phishing

Cyber Espionage — It’s Worse Than You Think!

In two companion articles appearing in tomorrow's edition (9/24/11) of The Sydney Morning Herald, reporter Dylan Welch describes international cyber spying. The first article, "Code red: the cyber spy threat", discusses the wide-ranging problem of cyber espionage. The article describes a large number of cyber attacks against many governments and international organizations. Of course, spearphishing plays a prominent role in the story. These are just two of the incidents reported: On June 1, 2009, messages with the heading "China and Climate Change" dropped into the email inboxes of five US State Department officers. The five officers, working in the [...]

September 23rd, 2011 | SP Guard, spear phishing

The Security Threat of Social Engineering

Check Point just released a survey conducted by Dimensional Research about the security threat posed by social engineering.  The survey found: The threat of technology-based security attacks is well understood, and IT organizations have tools and processes in place to manage this risk to sensitive corporate data. However, social engineering attacks are more challenging to manage since they depend on human behavior and involve taking advantage of vulnerable employees. The survey found that breaches initiated by social engineering attacks were costly, particularly to large organizations: 48% of large companies and 32% of companies of all sizes have experienced 25 or [...]

September 23rd, 2011 | Phishing, spear phishing

Japanese Defense Contractor Latest Spearphishing Victim

The BBC reports that Mitsubishi Heavy Industries, a major Japanese defense contractor, is the victim of a cyberattack. Mitsubishi Heavy Industries said viruses were found on more than 80 of its servers and computers last month. As is often the case, the systems were compromised by spearphishing. Spearphishing is when hackers send highly customized and specifically targeted messages aimed at tricking people into giving away login details or loading malware onto their systems. The BBC reports that the viruses targeted a shipyard in Nagasaki, where destroyers are built, a facility in Kobe that manufactures submarines and parts for nuclear power stations, [...]

September 20th, 2011 | spear phishing

US Defense Organizations May Have Been Hit By RSA Spearphish Attack

PC World is reporting that the malware which was used in the spearphishing attack that compromised the RSA security token may have been used to attack US defense organizations. PC World quotes Bernardo Quintero, the founder of malware analysis site VirusTotal. "According to our data, RSA was just one of the targets. [Attackers] used the same malware to try to penetrate other networks." The report continues: VirusTotal is a popular site with security professionals who use it to get a quick industry consensus take on suspicious files. It runs any file through a battery of antivirus scanning engines and spits out [...]

September 16th, 2011 | SP Guard, spear phishing

Hotel Refund Email Scam

Sophos reports on a new email scam. In this scam, the bad guys are sending emails that claim to offer a refund for erroneous hotel billings. In order to claim the refund, you must use the attached zip file. The zip file contains malware which loads a Trojan Horse onto your system. This Trojan Horse can be used to take control over your computer, giving the bad guy the ability to steal your personal information or turn your machine into a spam zombie. What can you do to protect yourself? You should use the latest version of a reputable security product [...]

September 9th, 2011 | Consumers and Email, Iconix Truemark Service, Phishing

Cybercriminals Know Everything About You!

The Wall Street Journal's Tech Europe reports that cybercriminals are using information they mine from the internet to create very credible fake emails to deceive recipients. Oliver Crofton, CEO of Vigilante Bespoke, self-described as the world's first personal digital security company, reported that one of his celebrity clients received an email that appeared to be from the U.K.’s Driving and Vehicle Licensing Agency.  The email was linked to a fake website.  According to Crofton: It [the website] looked exactly like the DVLA website, it had the right branding. It looked absolutely legitimate. It said the tax for his car was up [...]

September 2nd, 2011 | spear phishing