Email – Deceptive By Design

On July 20, 2012, President Obama wrote in the Wall Street Journal: Nuclear power plants must have fences and defenses to thwart a terrorist attack. Water treatment plants must test their water regularly for contaminants. Airplanes must have secure cockpit doors. We all understand the need for these kinds of physical security measures. It would be the height of irresponsibility to leave a digital backdoor wide open to our cyber adversaries. The most widely used backdoor into data systems is the Advanced Persistent Threat (APT).  The most commonly used attack vector in APT is spearphishing – a deceptive email created by [...]

2017-01-07T17:35:20-07:00December 28th, 2012|SP Guard, spear phishing|

Tricking People – Yes, It’s That Easy

The most widely used and effective means to infiltrate a data processing system is spearphishing. Trend Micro recently reported that over 90% of targeted attacks use spearphishing to infiltrate the systems.  The core of spearphishing is social engineering - the attacker using his own human experiences and dishonesty to trick other people.  In spearphishing, the victim is tricked using email.  In a non-cyber example of how easy it is to fool people, Frank Abagnale, Jr., the conman portrayed in "Catch Me If You Can", related this story in a recent interview with the Minneapolis/St.  Paul Business Journal: I was sitting [...]

2017-01-07T17:35:20-07:00December 12th, 2012|SP Guard, spear phishing|

Millions of Social Security Numbers Lost in Spearphishing Attack

Search Security reports that the South Carolina Department of Revenue's systems were compromised by a spearphishing attack which exposed millions of Social Security numbers, bank account information and thousands of credit and debit card numbers. Details of the attack are spelled out in a detailed incident report posted on the State of South Carolina's website.  The attacker used a spearphishing email with a malicious link.  When the employee clicked on the link a series of unfortunate events unfolded.  First, the employee's log-in credentials were stolen. From there, the attacker leveraged the stolen credentials in a series of clever moves that ultimately [...]

2017-01-07T17:35:21-07:00December 7th, 2012|SP Guard, spear phishing|