The Ottawa Citizen reports that cybercriminals used spearphishing emails to gain access to the Canadian Government's Finance Department and Treasury Board networks. The intruders sent emails to high-ranking department officials containing a link to a webpage infected with a sophisticated virus. They also sent infected PDF files that, when opened, unleashed more malicious code to target and download government secrets. Quoting unnamed government sources, the article says that the cybercriminals were after information about Canada's potash industry. A January 31, 2011 government memo said, "data has been exfiltrated and that privileged accounts have been compromised."
The networks of Japan's parliament were compromised for more than a month and hackers may have stolen sensitive emails and documents from 480 lawmakers and their staff, according to a Japanese national daily newspaper. The Asahi Shimbun today reported that the lower house of the Japanese legislature has been compromised by a spearphishing attack. The breach began in July, when a representative opened a malicious email, and continued until late August. The article reports that the attackers had access to documents and email of the Diet's 480 lower house members and other personnel. The attack appeared to target confidential information [...]
On October 13, 2011, the United States Securities and Exchange Commission (SEC) issued formal guidance on how U.S. publicly traded companies should disclose cybersecurity risks and data exposure. In the guidance, the SEC states: Depending on the registrant’s particular facts and circumstances, and to the extent material, appropriate disclosures may include: Discussion of aspects of the registrant’s business or operations that give rise to material cybersecurity risks and the potential costs and consequences; To the extent the registrant outsources functions that have material cybersecurity risks, description of those functions and how the registrant addresses those risks; Description of cyber incidents experienced [...]
The news is full of stories of crucial systems being infiltrated by malware. The Stuxnet code caused Iranian nuclear centrifuges to self-destruct. The U.S. Predator and Reaper drones have been infected with malware. Malware attacks are not limited to the Earth -- the International Space Station has been infected more than once. The White House considered cyber attacks on Libya. Some of these incidents, such as Iranian centrifuges self-destructing, seem like something from a spy novel or James Bond movie. It made us wonder about life imitating art. We found the case of a laser satellite being sabotaged by infiltration of malicious code. This is [...]
IBM has just released its IBM X-Force® 2011 - Mid-year Trend and Risk Report. The IBM Press Release provides a good summary of the 92-page report. For those of us who are interested in phishing and spearphishing, IBM's report provides some interesting insights. The report draws a clear distinction between phishing and spearphishing. The report reminds us that while the terms are similar, the schemes are vastly different. In phishing, the bad guy is playing a game of numbers: Phishing derives its name from the analogy of fishing in a large lake. You cast your line into that lake and [...]
Trend Micro, a leading security company and distributor of the Iconix products, has uncovered a massive and ongoing series of cyber attacks dubbed Lurid. Trend Micro provided this overview of Lurid: Trend Micro has discovered an ongoing series of targeted attacks known as “LURID,” which has successfully compromised 1,465 computers in 61 different countries. We have been able to identify 47 victims, including diplomatic missions, government ministries, space-related government agencies, as well as other companies and research institutions. The countries most impacted by this attack include Russia, Kazakhstan, and Vietnam, along with numerous other countries mainly Commonwealth independent states (in [...]