Massive Global Spearphishing Attack Nets Millions

McAfee and Guardian Analytics have released a new whitepaper entitled "Dissecting Operation High Roller." In the whitepaper, they describe a massive global attack that is stealing tens of millions of dollars from banks, institutions and wealthy individuals. Unlike standard SpyEye and Zeus attacks that typically feature live (manual) interventions, we have discovered at least a dozen groups now using server-side components and heavy automation. The fraudsters’ objective in these attacks is to siphon large amounts from high balance accounts, hence the name chosen for this research: Operation High Roller. With no human participation required, each attack moves quickly and scales neatly. [...]

Homeland Security Demonstrates Spearphishing

On June 14, 2012, Mark Weatherford, DHS's deputy under secretary for cybersecurity, provided at least the third formal cybersecurity presentation to the United States Senate. The demonstration was part of the Obama Administration's efforts to pass cybersecurity legislation slated to come to the Senate floor in the next three weeks. This demonstration again focused on a spear phishing attack against the Homeland Security Department. The demonstration reflected the reality of the recent attack against the U.S. Natural Gas Pipeline infrastructure. Secretary Weatherford said the purpose of the demonstration was not to scare Senators and staff, but to enlighten them about how easy it [...]

Spearphishing Attack on Industrial Control Systems Security Firm

This week DigitalBond, a firm that specializes in security for Industrial Control Systems (ICS), reported that it had been the victim of a spearphishing cyberattack.  Demonstrating the clever personalization that social engineering requires, DigitalBond reported: It’s a bit concerning that a company whose sole focus is securing industrial control systems should be spear phished.  The attacker clearly went to enough trouble to try to understand ICS security lingo to get the employee to open the link, and had to compromise a DNS server. This is the spearphishing email: Security Week  reports that this attack was part of a series of [...]

American Banker Reports on Spearphishing

In a new video, American Banker discusses the ease with which hackers can deceive email recipients. In the video, the reporters discuss how a security expert crafted an email from one reporter to the other.  The recipient, being deceived into believing that the hacker was a colleague, opened the fake email.  Why?  Because it is impossible to easily determine that the fake email was fake. American Banker concludes: Social engineering attacks — also known as phishing and spear-phishing — are on the rise against banks and their corporate customers. The stakes are high and rising for both. Social engineering deceives users into becoming [...]

Iconix Named to OTA 2012 Online Trust Honor Roll

ICONIX, Inc., has been named to the Online Trust Alliance (OTA) 2012 Honor Roll.  This designation is based on a composite trust score of security and privacy measures at hundreds of online sites. Designed to recognize leadership, the Honor Roll distinguishes Iconix as a “North Star” to inspire others. Of the companies evaluated by the non-profit, member-based OTA, less than 30% made the grade. As part of the 2012 study, released June 6, 2012, OTA analyzed the adoption of key security and privacy initiatives, providing benchmark reporting and comparisons between key industry sectors including leading internet retailers, FDIC Top 100 [...]

Iconix Whitepaper – Defending Against Spoofed Domain Spearphishing Attacks

Today Iconix released its whitepaper, "Defending Against Spoofed Domain Spearphishing Attacks."  In this whitepaper,  Iconix discusses the ease with which hackers can use spoofed email addresses to deceive email recipients. Spoofed domain spearphishing is occurring because technology favors the social engineering schemes employed in spearphishing that are used to deceive recipients.  It is technically easy to fake the sending email address that is displayed to the recipient.  You can see a demonstration of how easy it is to spoof a sending domain at Spearphishing -- The Movie.  A little internet research yields substantial personal information that can be used to [...]

