$140 Billion Spearphishing Attack

Yesterday, April 23, the twitter account of the AP wire service was compromised.  The perpetrators sent out a fake tweet from the real AP account saying that the President had been injured in a bombing at the White House.  There was no bombing. Jay Carney Confirms President is Fine This is the tweet that cost $140 billion in lost stock market value. How could this have happened?  It happened because a spearphishing email tricked an employee of AP into compromising the credentials to AP's twitter account.  With the credentials in hand, the attackers were free to use the twitter [...]

2017-01-07T17:35:20-05:00April 24th, 2013|SP Guard, spear phishing|

Drone Sector Under Spearphishing Attack

On April 17, 2013, FireEye reported on a series of spearphishing attacks against government agencies and aerospace, defense, telecommunications companies in India and the United States. The attachments which installed the malware varied considerably.  Some were blank, some were unreadable, some purported to contain contact data for a U.S. serviceman.  And some of the attachments were infected copies of an Indian researcher's report on the Pakistani drone program. FireEye reports on the various techniques that the attackers uses to prevent detection.  FireEye identified this evasion methods: The file specifies fake properties, pretending to be Google or Microsoft. The file is [...]

2017-01-07T17:35:20-05:00April 22nd, 2013|SP Guard, spear phishing|

APT – Going for Cybergold

After an investigation which commenced in autumn of 2011, yesterday (April 11, 2013) Kaspersky Labs announced the results of its investigation into malware in the gaming industry. Kaspersky has identified the attackers as the Winnti organization. Kaspersky observed: It’s tempting to assume that Advanced Persistent Threats (APTs) primarily target high-level institutions: government agencies, ministries, the military, political organizations, power stations, chemical plants, critical infrastructure networks and so on. In this context it seems unlikely that a commercial company would be at risk unless it was operating on the scale of Google, Adobe or The New York Times, which was recently [...]

2017-01-07T17:35:20-05:00April 12th, 2013|SP Guard, spear phishing|

Smarter Malware

After a spearphishing email deceives a recipient into introducing malware into a network, diverse protective strategies kick into action. These defensive strategies monitor activity and flag unusual activities. The goal of the attacker is to "stay below the radar" and avoid detection. FireEye has discovered malware which seeks to hide behind legitimate activity to evade detection. FireEye reports that, unsurprisingly, this malware is introduced as an attachment to a spearphishing email. After the malware, dubbed "Trojan.APT.BaneChant", is installed, the malware engages in a multi-tiered defensive strategy to evade detection.  FireEye summarized the malware's detection evasion strategies: 1. Evade sandbox by [...]

2017-01-07T17:35:20-05:00April 5th, 2013|SP Guard, spear phishing|