Spearphishing Compromises Israeli Police

Trend Micro has discovered a spearphishing attack that compromised the Israeli police. The attack forced all police computers to be taken offline. In a textbook example of effective social engineering, the attackers crafted an email that spoofed the name of a trusted sender (Benny Gantz, the head of the Israel Defense Forces), had text that was a strong call to action (in this case, a subject of immediate interest to Israeli security forces) and delivered an attachment with zero-day exploits. When the recipients opened the email, they were offered the opportunity to download the enticing attachment. The attachment installed malware [...]

October 31st, 2012 | SP Guard, spear phishing

Chasing What’s Already Gone – Cyberwar

Cyberwar is upon us.  Last month it was disclosed that the White House Military Office had been attacked.  Thousands of sensitive records have been stolen from the Pentagon.  Major banks have been compromised. The administration has introduced legislation to address these threats.  Among the provisions of The Cybersecurity Act are data sharing rules.  In his Cyberwar Pearl Harbor speech,  Secretary of Defense Panetta explained data sharing: Ultimately, no one has a greater interest in cybersecurity than the businesses that depend on a safe, secure and resilient global, digital infrastructure. Particularly those who operate the critical networks that we must help defend.  [...]

October 22nd, 2012 | SP Guard, spear phishing

Cyber Pearl Harbor

On October 11, 2012, Leon Panetta, the US Secretary of Defense, spoke about the cyberthreats against the United States. He called cyberthreats a potential cyber Pearl Harbor. You can read a transcript of his remarks here. The Secretary spoke about the recent denial of service attack on financial institutions. He disclosed a previously classified attack on US oil interests: But even more alarming is an attack that happened two months ago when a very sophisticated virus called Shamoon infected computers in the Saudi Arabian State Oil Company Aramco.  Shamoon included a routine called a ‘wiper’, coded to self-execute.  This routine replaced [...]

October 15th, 2012 | SP Guard, spear phishing

Spearphishing – The Scariest Cyberweapon

In a blog entry posted today, Patrik Runald of Websense writes, "What is Scaring Businesses the Most? Spear-phishing."  The post explains the difference between high volume spam email and the social engineering used to create highly targeted emails. The post describes a spearphishing technique in which the attackers use clever timing of different cyberattack tools to defeat cyber-defenses: A typical attack of this type would have the bad guy doing the following: Find a URL that can be easily compromised… but do nothing at that time. Leave it ‘as is’ for now. Craft an email that will not trigger spam, AV [...]

October 9th, 2012 | SP Guard, spear phishing

Spearphishers Hack White House Nuclear Command Office

The Washington Free Beacon reports that a computer system used by the White House Military Office has been hacked by spearphishers. U.S. officials familiar with reports of the White House hacking incident said it took place earlier this month and involved unidentified hackers, believed to have used computer servers in China, who accessed the computer network used by the White House Military Office (WHMO), the president’s military office in charge of some of the government’s most sensitive communications, including strategic nuclear commands. The office also arranges presidential communications and travel, and inter-government teleconferences involving senior policy and intelligence officials. An [...]

October 1st, 2012 | spear phishing

Washington Post Reports on Spearphishing

On September 26, 2012, The Washington Post investigations team published an article entitled, "In cyberattacks, hacking humans is highly effective way to access systems." The authors prepared a fascinating graphical description of a highly targeted email attack. The graphic shows how the hacker starts by using data readily available on the internet to gather information about the target. The attacker then crafts an email that will be enticing to the target. When the target takes the action requested in the targeted email, malware is installed in the victim's system. At this point, the attacker is free to steal data and disrupt systems. Demonstrating the [...]

October 1st, 2012 | SP Guard, spear phishing