Spearphishing – The Hack of Choice

Our friends at Trend Micro have just released a study called "Spear-Phishing Email: Most Favored APT Attack Bait" discussing the methods used to infiltrate systems in APT - Advanced Persistent Attacks.  The findings?  91% of targeted attacks arrive via email.   Spearphishing emails deliver their malware using three different delivery methods: Malicious Attachments, which, when opened, install malware Malicious Links, which, when clicked and followed, install malware Other Methods, such as instructions to visit a website or call a telephone number. Of these methods, the overwhelming favorite used by attackers was malicious attachments. Source: Trend Micro In addition to revealing [...]

2017-01-07T17:35:21-05:00November 30th, 2012|SP Guard, spear phishing|

Did the US Cyberspy on France?

It is being widely reported that France is accusing the US of cyberespionage.  Techspot reports the details of how the spies were able to infiltrate the computers of President Sarkozy's advisors to steal information. In order to pull off the attack, the hackers leveraged their social engineering skills. First, they used Facebook to identify individuals close to Sarkozy and his team. Those hackers then crafted a bogus yet effectively indistinguishable clone of Elysee Palace's website and sent phishing emails to lure Sarkozy's advisers into logging on. When Sarkozy's trusted cohorts attempted to log on to the fake page, hackers recorded [...]

2017-01-07T17:35:21-05:00November 26th, 2012|SP Guard, spear phishing|

2013 Security Threats — Websense

Websense has release a comprehensive prediction of the security threats for the coming year.  We recommend that anyone interested in the evolving threats and tactics being used to attack systems should read this comprehensive report. Because Iconix is an email security company, we focused on the email predictions.  Websense predicts that email will continue to be a favorite means of attack. For consumers, this means more deceptive emails that leverage important recurring events (tax time, elections, etc.), current events and clever trickery to lure people into giving up money or credentials.  On the enterprise side, spearphishing will be used to [...]

2017-01-07T17:35:21-05:00November 16th, 2012|Phishing, SP Guard, spear phishing|

Cyber-Industrial Espionage Growing – Investors Don’t Know

In a story entitled Coke Gets Hacked and Doesn't Tell Anyone, Bloomberg reports on the growing problem of cyber industrial espionage undermining the value of companies.  The article illustrates the central role of spearphishing in cyber-industrial espionage: The Coca-Cola report provides a rare and chilling account of the intricate and determined ways that hackers raided its files -- from pilfering internal e-mails to gaining the ability to access almost any Microsoft (MSFT) Windows server, work station or laptop on the network with full remote control. Computer hackers made daily incursions through Coca-Cola networks over a period of at least one [...]

2018-04-05T12:49:41-04:00November 6th, 2012|SP Guard, spear phishing|