Trick No Treat – Spearphishing

Today is Halloween. On this day kids and adults alike masquerade and engage in merriment. For children coming to your door, the greeting is "Trick Or Treat." There is another kind of masquerade that is taking place every day in cyberspace -- spearphishing. Instead of obscuring their identity for fun and games, spearphishers masquerade as trusted email senders. When you open the email, there is no treat, only an evil trick. For example, Quartz has confirmed that the Syrian Electronic Army used spearphishing to infiltrate the Obama inner circle and compromise the President's Twitter feed. Spearphishers deceive people into making bad [...]

October 31st, 2013 | Phishing, SP Guard

@barackobama tweets captured by Syrian Electronic Army

The Wall Street Journal is reporting that President Obama's Twitter feed was infiltrated by the Syrian Electronic Army. According to an official with Organizing for Action, a group that supports the president, the Syrian Electronic Army was able to hack a service that helps OFA shorten the links it uses on its main Twitter account, @barackobama. The service, run by a third-party vendor, turns long Internet links into an “OFA.BO” format that it then uses in its tweets. Using this access, the Syrian Electronic Army was able to redirect the President's @barackobama tweets to a video entitled “Syria Facing Terrorism.” The Syrian Electronic Army also claims to have hacked [...]

October 30th, 2013 | SP Guard, spear phishing

CryptoLocker — Ransomware via Email

Computerworld is reporting on a new piece of ransomware called CryptoLocker. Delivered as an email attachment claiming to be from Xerox, UPS, FedEx, or another trusted sender, CryptoLocker encrypts your files. The bad guys give you a limited period of time to pay the ransom. Once the payment has been made, the decryption usually begins. There is typically a four-day time limit on the payment option; the malware's author claims the private key required to decrypt files will be deleted if the ransom is not received in time. If the private key is deleted, your files will essentially never [...]

October 25th, 2013 | Phishing, SP Guard, spear phishing

Icefog APT — Surgical Hit and Run Attacks

Kaspersky reports on a new trend in APT -- cyber-mercenaries who perform surgical hit and run operations.  In its report, The "Icefog" APT: A Tale of Cloak and Three Daggers, Kaspersky discusses the focus with which the Icefog attackers work.  Kaspersky provides this summary of Icefog: The attackers rely on spear-phishing and exploits for known vulnerabilities (eg. CVE-2012-0158, CVE-2012-1856, CVE-2013-0422 and CVE-2012-1723). The lure documents used in the attacks are specific to the target’s interest ...; Based on the profiles of known targets, the attackers appear to have an interest in the following sectors: military, shipbuilding and maritime operations, research companies, telecom operators, [...]

October 18th, 2013 | SP Guard, spear phishing

New Money!

Tomorrow (October 8, 2013) the United States will have a brand new $100 bill. Why do we need new money? Because bad guys spoof money (also known as counterfeiting). Nobody wants counterfeit money. That is why it is important that people who are not Secret Service Agents are able to quickly and accurately distinguish real money from counterfeit money. This requires two things --

* features that are hard to spoof
* features that are easy to find

You can see these features at the interactive note. Counterfeit money and spearphishing rely on the same basic function -- deceiving people. [...]

October 7th, 2013 | SP Guard, spear phishing

DLP – Finding Bad Guys Isn’t Easy

Brian Krebs, the cyber security expert, has discovered three disturbing data breaches over the last few days. Adobe. Brian discovered the compromise of source code for several Adobe products and 3 million customer accounts. The attack appears to have started in mid-August of this year. LexisNexis/D&B/Kroll. The databases of these three data brokers appear to have been compromised in April of this year. The bad guys installed bots that allowed them to mine data and sell the data in a massive identity theft scheme. In addition to supporting massive identity theft, this data breach undermines the entire knowledge-based authentication business. [...]

October 4th, 2013 | SP Guard, spear phishing

Humans Defending Machines from Other Humans

Dr. Frederick Chang, former NSA Director of Research, observed: … cybersecurity is fundamentally about an adversarial engagement. Humans must defend machines that are attacked by other humans using machines. A recent blog posting by Cyveillance demonstrates this concept. In Sophisticated DDoS Botnets Bypass Defenses, Phil Annibale, Manager, Cyber Intelligence Division, writes about Dirt Jumper, a new Distributed Denial Of Service (DDoS) tool. Dirt Jumper is a DIY tool that is available for as little as $150 on the black market. The humans who developed Dirt Jumper examined the defenses that human defenders deploy to defend against DDoS. The Dirt Jumper developers then engineered [...]

October 3rd, 2013 | SP Guard, spear phishing

Gartner Looks At APT Defense

On August 20, 2013, Gartner released Five Styles of Advanced Threat Defense. This graphic from the Gartner report summarizes the defensive strategies: Gartner provides a description of each style, the strengths, weaknesses and players. Style 1 - Network Traffic Analysis. These firms look at traffic patterns and seek to highlight abnormal traffic. Players include Arbor Networks, Damballa, Fidelis, Lancope and Sourcefire. Style 2 - Network Forensics. After the bad guys are in, these tools support incident response. Players include Blue Coat and RSA. Style 3 - Payload Analysis. These firms use a sandbox environment to detect malware and prevent installation. [...]

October 1st, 2013 | SP Guard, spear phishing