It is being widely reported in the press that Chinese cyberspies have stolen designs of many leading-edge U.S. weapons systems.

F-35 Lightning II Joint Strike Fighter

The Washington Post lists the stolen technology: The designs included those for the advanced Patriot missile system, known as PAC-3; an Army system for shooting down ballistic missiles, known as the Terminal High Altitude Area Defense, or THAAD; and the Navy's Aegis ballistic-missile defense system. Also identified in the report are vital combat aircraft and ships, including the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the Navy's new Littoral [...]
In a detective story worthy of Sherlock Holmes, Norman has uncovered the cyberattack infrastructure that India appears to be using to spy on systems in Pakistan and elsewhere. Anyone interested in a real-life IT detective story should read Unveiling an Indian Cyber attack Infrastructure. On March 17, 2013, the Norwegian press reported that Telenor, the Norwegian telecommunications company, had filed a complaint with the Norwegian police about suspected unlawful intrusion into Telenor's computer network. The intrusion appeared to have been accomplished using -- you guessed it -- spearphishing. Another example of the triumph of social engineering over technical defenses. As Norman [...]
The New York Times is reporting that Unit 61398, the Chinese cyber-espionage unit that has stolen vast amounts of data from western governments and industry, has returned to its old tricks. Following the release of the Mandiant report in February 2013, the unit disappeared from the internet. However, they have now returned to the web, operating at 60% to 70% of the level at which they were working before Mandiant exposed them. Quoting Crowdstrike, the NYT reports that it is "business as usual" for the Chinese hackers. Reporting on the same story, Computerworld observes that what the Unit 61398 [...]
In a recent blog posting, Seculert discussed a new malware threat which they have dubbed "Magic Malware." Magic Malware uses a proprietary communications protocol, which lets it evade detection software that monitors only the regular communications protocols. Seculert observed: This “magic malware” — as we’ve dubbed it — is active, persistent and had remained undetected on the targeted machines for the past 11 months. ... The real intention of the attackers behind this magic malware ... is yet to be known. As the malware is capable of setting up a backdoor, stealing information, and injecting HTML into the browser, we believe that [...]
In a recent Computerworld article entitled Security tools can't keep hackers at bay, Jaikumar Vijayan writes about malware that struck the Schnucks supermarket chain. It took the experts from Mandiant two weeks to plug the security holes exploited by this malware. Why was this malware so difficult to find and fix? Because the bad guys are using ever more sophisticated means to hide their evil work. The article quotes Avivah Litan, an analyst at Gartner: Increasingly, attackers are resorting to techniques like hiding stolen data inside legitimate files and encrypting data to evade detection. They cloak their malware or hide it within seemingly innocuous files so that [...]
Verizon recently released their 2013 Data Breach Investigations Report. We encourage everyone who cares about network security to read the report. One statistic stands out from the rest: The bad guys need credentials to do their dirty work. The most effective way to get credentials is to steal them using spearphishing. At Iconix we are dedicated to offering a real solution to this problem. That solution is SP Guard.
The Twitter feeds of the BBC, the AP and the Guardian have all been compromised. A fake tweet sent from the real AP Twitter account caused $140 billion in stock market losses. In response to these events, Twitter issued a memo to the press in which it gives various recommendations on how to deal with the spearphishing problem. While this memo gives sound advice, the recommendations do not address the core spearphishing problem. What is the core spearphishing problem? Deception is the core spearphishing problem. In spearphishing, the bad guys send socially engineered emails that initiate a process that steals credentials. The spearphisher's [...]