Cyber Attacks Target Human Frailty

In testimony before the United States Senate Armed Services Committee, Subcommittee on Emerging Threats and Capabilities, cyber security experts from Mandiant told the Senators that intruders often use  deceptive emails to compromise systems. Kevin Mandia said, They're leveraging human weaknesses and human vulnerability and trust to break into these organizations. Mandia told the senators that it is difficult to defend against deception. It is easy to deceive people.  This is an example of a deceptive spearphishing email. What looked like a routine FedEx email was, in fact, a cyber attack that compromised the New York Times. Your personnel will receive [...]

2017-01-07T17:35:20-05:00March 25th, 2013|SP Guard, spear phishing|

The Importance of Being Current

The widely report attacks on banks in South Korea provide a strong lesson in the importance of using up-to-date software. As the Los Angeles Times reports, the attack was not technically sophisticated.  Nevertheless, as the New York Times reports, the attack was extremely effective in causing havoc in South Korea. Avast! has determined that this attack exploited non-current versions of Internet Explorer.   If the users had been using correctly configured versions of current software, instead of being damaged, the attack would have been stopped by the browser.

2017-01-07T17:35:20-05:00March 22nd, 2013|Uncategorized|

Director of National Intelligence warns US Senate — Cyber Is First On His List

Yesterday, March 12, James R. Clapper, the Director of National Intelligence, provided the United States Senate with the annual US INTELLIGENCE COMMUNITY WORLDWIDE THREAT ASSESSMENT.   The first threat in the report is Cyber. While we think it is important to read the entire discussion of Cyber, we think this excerpt provides a good summary of the situation: Foreign intelligence and security services have penetrated numerous computer networks of US Government, business, academic, and private sector entities. Most detected activity has targeted unclassified networks connected to the Internet, but foreign cyber actors are also targeting classified networks. Importantly, much of the nation’s [...]

2017-01-07T17:35:20-05:00March 13th, 2013|Uncategorized|

Longline Phishing

proofpoint has just released a whitepaper describing the latest innovation in APT cyberattacks -- longline phishing. proofpoint describes the latest innovations that attackers are using to ply their craft.  In order to evade cyber defenses, the APT cyberattacker has three objectives: Maintain low volume attacks to evade detection. Customize the attack to optimize victim response. Deliver unique malware to evade malware defenses. In order to accomplish these three objectives, historically the attackers had to devote significant effort to each attack.  That effort imposed a cost/volume trade-off on the attackers.  Describing longline phishing, proofpoint observes: ... today’s advanced phishing tactics may [...]

2017-01-07T17:35:20-05:00March 8th, 2013|SP Guard, spear phishing|

RSA 2013

We just attended the RSA Conference 2013 in San Francisco.  The conference presented a vast array of products and technologies to defend systems. We think the most important security information did not come from the RSA Conference -- it came from Mandiant. Mandiant's groundbreaking report APT1 - Exposing One of China's Cyberespionage Units provides a case study of the process we have termed Chasing What's Already Gone - the cycle of: spearphishing attack unique exploit installation surreptitious command & control discovery remediation repeat How did the bad guys respond to the Mandiant report?  They used the report itself as spearphishing bait to [...]

2017-01-07T17:35:20-05:00March 1st, 2013|SP Guard, spear phishing|