In testimony before the United States Senate Armed Services Committee, Subcommittee on Emerging Threats and Capabilities, cyber security experts from Mandiant told the Senators that intruders often use deceptive emails to compromise systems. Kevin Mandia said, "They're leveraging human weaknesses and human vulnerability and trust to break into these organizations." Mandia told the senators that it is difficult to defend against deception. It is easy to deceive people. This is an example of a deceptive spearphishing email. What looked like a routine FedEx email was, in fact, a cyber attack that compromised the New York Times. Your personnel will receive [...]
The widely reported attacks on banks in South Korea provide a strong lesson in the importance of using up-to-date software. As the Los Angeles Times reports, the attack was not technically sophisticated. Nevertheless, as the New York Times reports, the attack was extremely effective in causing havoc in South Korea. Avast! has determined that this attack exploited non-current versions of Internet Explorer. If the users had been using correctly configured versions of current software, the browser would have stopped the attack instead of the systems being damaged.
Yesterday, March 12, James R. Clapper, the Director of National Intelligence, provided the United States Senate with the annual US INTELLIGENCE COMMUNITY WORLDWIDE THREAT ASSESSMENT. The first threat in the report is Cyber. While we think it is important to read the entire discussion of Cyber, we think this excerpt provides a good summary of the situation: Foreign intelligence and security services have penetrated numerous computer networks of US Government, business, academic, and private sector entities. Most detected activity has targeted unclassified networks connected to the Internet, but foreign cyber actors are also targeting classified networks. Importantly, much of the nation’s [...]
Proofpoint has just released a whitepaper describing the latest innovation in APT cyberattacks -- longline phishing. Proofpoint describes the latest innovations that attackers are using to ply their craft. In order to evade cyber defenses, the APT cyberattacker has three objectives: Maintain low-volume attacks to evade detection. Customize the attack to optimize victim response. Deliver unique malware to evade malware defenses. In order to accomplish these three objectives, historically the attackers had to devote significant effort to each attack. That effort imposed a cost/volume trade-off on the attackers. Describing longline phishing, Proofpoint observes: ... today’s advanced phishing tactics may [...]
We just attended the RSA Conference 2013 in San Francisco. The conference presented a vast array of products and technologies to defend systems. We think the most important security information did not come from the RSA Conference -- it came from Mandiant. Mandiant's groundbreaking report APT1 - Exposing One of China's Cyberespionage Units provides a case study of the process we have termed Chasing What's Already Gone - the cycle of: spearphishing attack, unique exploit installation, surreptitious command & control, discovery, remediation, repeat. How did the bad guys respond to the Mandiant report? They used the report itself as spearphishing bait to [...]