Syrian Electronic Army – Sophisticated?

Yesterday the Syrian Electronic Army attacked Twitter, Huffington Post UK and the New York Times. Visitors to the New York Times website were greeted with this: The Washington Post characterized the attacks: "The cyberattacks were among the more sophisticated in a recent series of assaults on high-profile Western media organizations, including The Washington Post and the Associated Press." Did these attacks demonstrate great technical sophistication? No doubt the SEA has been effective in its efforts to disrupt the media. In reality, however, these attacks were technically trivial. SC Magazine is reporting that these attacks were accomplished using . . . . [...]

August 29th, 2013 | SP Guard, spear phishing

Spearphishing Threat Chain & Edward Snowden

This is the spearphishing threat chain: The goal of the defender is to disrupt this threat chain as early as possible in order to prevent or mitigate harm. While Iconix has nothing to add to the ongoing political debates about Edward Snowden and his NSA disclosures, we do want to point out the important lessons he teaches us about credentials.  As Mandiant reported in APT1, a primary objective of state-affiliated attackers is user credentials; with user credentials in hand, the attacker can jump to stage 5 of the threat chain.  What can a person do after entering stage 5? Edward [...]

August 28th, 2013 | SP Guard, spear phishing

Combat ID in Cyberspace

"Cybersecurity threats represent one of the most serious national security, public safety, and economic challenges we face as a nation." - 2010 National Security Strategy. As Dr. Frederick Chang, former NSA Director of Research, warns: "… cybersecurity is fundamentally about an adversarial engagement. Humans must defend machines that are attacked by other humans using machines." In adversarial engagements, the ability to tell friends from foes is crucial. Robert Hesser and Danny Rieken explain the central role of combat identification in traditional warfare in "FORCEnet ENGAGEMENT PACKS: 'OPERATIONALIZING' FORCEnet TO DELIVER TOMORROW'S NAVAL NETWORK-CENTRIC COMBAT REACH, CAPABILITIES . . . TODAY." Note: [...]

August 26th, 2013 | SP Guard, spear phishing

Advanced Attackers – Common RATs

FireEye has just released a research report on the Poison Ivy Remote Access Tool (RAT). A RAT is a malicious program which gives a remote user unfettered, surreptitious access to the infected system. Poison Ivy is an easy-to-use RAT that provides the attacker with a Windows graphical interface. Its features include keylogging, screen capture, video capture, file transfer, system administration, password theft, and traffic relaying. Attackers can use these features to move laterally and escalate privileges. You can watch a RAT in action in our posting Spearphishing - The Movie. FireEye makes two [...]

August 23rd, 2013 | SP Guard, spear phishing

Syrian Electronic Army Hacks Washington Post, CNN and Time

The Syrian Electronic Army today hacked the websites of CNN, the Washington Post and Time. The Washington Post describes the attack as follows: "The hacking follows a 'phishing' attack by an unidentified source this week aimed at securing the passwords and log-in information of e-mail accounts maintained by Post journalists. The source of the attack sent e-mails to Post mailboxes that appeared to emanate from Post colleagues; the e-mails directed recipients to click a link and provide log-in data. That information could then be used by an outside source to gain unauthorized access to a computer network. Post officials believe [...]

August 15th, 2013 | SP Guard, spear phishing

Pakistan’s Cyberattack Infrastructure — Found In USA

We recently wrote about the discovery of India's cyberattack infrastructure -- in Norway. Pakistan appears to be using similar spearphishing tactics against India. ThreatConnect is reporting that it uncovered Pakistani spearphishing artifacts in a small subnet hosted in the United States. The researchers found spearphishing bait designed to entice Indian victims into clicking, together with its malware payloads. One example of the bait, a fake pension attachment which had all the attributes of a real pension memorandum of record, is shown below. ThreatConnect speculates that this 12-page document was customized to deceive specific individuals. Of course, the document was malicious [...]

August 9th, 2013 | SP Guard, spear phishing

Spy vs. Spy 2.0

At the recent Black Hat Security Conference, Dell SecureWorks revealed an 18-month-long investigation that can best be described as Spy vs. Spy 2.0. Computerworld reported on Dell's research: "For 18 months Dell SecureWorks researchers Joe Stewart and Don Jackson secretly monitored the command and control network of a band of Chinese cyberspies dubbed 'the Beijing Group.'" The Beijing Group runs the Comfoo RAT, which SecureWorks links to the compromise of the RSA SecurID token. SecureWorks revealed that it uncovered more than 64 campaigns which targeted over 100 victims. The attackers used more than 200 variants of the Comfoo code in [...]

August 7th, 2013 | SP Guard, spear phishing

Your Bleeped Up Brain

The cable TV channel H2 is running a mini-series on the human mind - Your Bleeped Up Brain. The series is truly fascinating. While we think our heads contain a highly precise computer, it turns out that the ball of matter inside our heads is good at navigating life, but not very good at discerning fine details in a complex environment. For those of us in the cybersecurity world, the last episode - Deception - is particularly interesting. In Deception, the show presents several examples of how the brain takes incomplete or inaccurate information and completes the story to [...]

August 6th, 2013 | Iconix Truemark Service, Phishing, SP Guard, spear phishing

New Tools — For Bad Guys

Advanced Persistent Threat (APT) attackers almost always use spearphishing as the means of infiltration. An effective spearphishing email needs to be targeted to the victim. If the content doesn't ring true, the intended victim won't be deceived. Part of ringing true is crafting an email that uses the right jargon and writing style. This makes the reconnaissance phase of an APT critical. Microphisher is a tool that analyzes published content (blogs, tweets, Facebook, etc.) and determines the author's writing style and the topics written about. This assists in writing a message that mimics the writing style of people in the target organization. The ethical hackers [...]

August 5th, 2013 | SP Guard, spear phishing

Spearphishing Tricks — Everyone

The Los Angeles Times is reporting that new research from North Carolina State University shows that people are easily deceived by targeted emails. The researchers found that although people were aware of how spearphishing worked and confident in their ability to avoid deception, they were nevertheless deceived. Before taking the test, 89% of the subjects said they were confident that they could spot spearphishing emails. When put to the test, just 4 of the 53 subjects were able to correctly spot the spearphishing messages. More than half of the test subjects missed more than half of the fake [...]