Stratfor — The Other Shoe Drops

Just before Christmas 2011, Stratfor was hacked by Anonymous. The means of that attack are unknown. Government Computer News is now reporting that the stolen Stratfor data are being used to send deceptive targeted emails to government email addresses. Microsoft has published technical details of the attack, including this sample fake email: The fake email delivers a malicious attachment in the form of a PDF file with a virus. Microsoft elaborated on the attack: The link displayed in the emails appears legitimate at first glance, but looking closely at the target address, you notice that it doesn't originate from the [...]

February 21st, 2012 | SP Guard, spear phishing

Spearphishers Attack During Holidays

FireEye has just released research showing that spearphishers increase their attacks during holidays. This graphic from FireEye shows the number of incoming malicious email attachments that evaded detection by the initial Anti-Virus and Anti-Spam defenses. FireEye says that the trend to mount attacks during national holidays suggests that the bad guys are attacking at times when IT operations are lightly staffed, thereby increasing the probability of avoiding detection. FireEye observed that the national holiday attacks are well-coordinated: Prior to the start of the actual holiday, attackers appear to experiment with multiple campaigns, as illustrated by the smaller spikes in traffic, leading [...]

February 16th, 2012 | SP Guard, spear phishing

MSUpdater Trojan Installed by Spearphishing

After Zscaler and Seculert independently identified targeted attacks that used Remote Access Tool (RAT) malware to compromise several government-related organizations, the firms collaborated to analyze the attacks. Using their combined resources, Zscaler and Seculert were able to link the current attacks to previous targeted attacks that have been occurring since early 2009. They identified the threat vector as highly targeted spearphishing emails with malicious attachments, providing several examples of the social engineering that went into creating a compelling email. They announced their findings in a January 31, 2012 blog posting. They also issued a detailed joint technical report. Zscaler and Seculert termed this new class [...]

February 9th, 2012 | SP Guard, spear phishing

FBI Embarrassed by Hacked Email Account

The press is widely reporting on Anonymous eavesdropping on a phone call between the FBI and Scotland Yard and other non-U.S. police agencies. The sixteen-minute phone call is currently posted here. How did Anonymous do it? The FBI sent the link to the conference call to more than three dozen people at the FBI, Scotland Yard, and agencies in France, Germany, Ireland, the Netherlands and Sweden. One of the people who received the conference call log-in data forwarded the email to his personal account. That personal account had been hacked by Anonymous. By accessing the hacked email account, Anonymous obtained the [...]

February 4th, 2012 | SP Guard, spear phishing