Time – It’s On the Attackers’ Side

Anup Ghosh, writing a comment on the Securosis blog, observed: The fallacy of the logic in monitoring and response is that you can detect the attack that bypassed the tools. If you could, then you would simply update the tools, which is how the security industry works (and failed) by and large. Instead, humans end up detecting artifacts of attacks long after the attack has been successful—after the damage is done—hence the [Incident Response] industry was born that attempts to perpetuate itself by saying you can’t prevent the attack. That’s the most expensive dollar in security you can spend—incident response. [...]

November 22nd, 2013 | SP Guard, spear phishing

Toxic Trickle

This is the progression of an Advanced Persistent Threat (APT) attack. Email filters fight this progression by trying to stop the delivery of spearphishing emails. The most persistent and technically able APT attackers use their expertise to overcome the filters. As filters become more and more effective, the amount of unwanted email delivered to users is reduced. Instead of a torrent of unwanted emails, what is left for the users to fend off is a concentrated brew of the most devious, the most technically advanced, the most toxic emails -- the Toxic Trickle. What can be done to [...]

November 18th, 2013 | SP Guard, spear phishing

Microsoft ZDE Undetected for Months

On November 6, 2013, we wrote about McAfee's discovery of a new Zero Day Exploit (ZDE) in Microsoft Office. Symantec is now reporting that although the good guys discovered this ZDE on October 31, 2013, the bad guys have been using it since May of 2013. Symantec observes: After analyzing the payloads being used in this attack, we have identified that the targeted emails are part of an attack campaign known as Operation Hangover, which we covered back in May 2013 in the blog post: Operation Hangover: Q&A on Attacks. At that time, the group behind these attacks was known [...]

November 11th, 2013 | SP Guard, spear phishing

New Targeted Attack Exploits Microsoft Office ZDE

A new targeted attack that exploits the way Microsoft Office handles images is hitting victims in the Middle East and South Asia. darkREADING reports on the exploit in detail. Of particular interest to followers of Iconix is this observation from darkREADING: Bad guys can exploit the flaw that affects Windows, Office, and Lync by luring a victim into previewing or opening an email with a malicious file attachment or into visiting a malicious URL. The end game is that the attacker can take over the machine. Microsoft has released a temporary Fix it patch for protection against attacks until it either issues a [...]

November 6th, 2013 | SP Guard, spear phishing

Social Networks – Spearphishers’ Delight

This morning's news brings two stories that demonstrate the importance of the recon phase of an APT attack in perpetrating a successful cyber attack. Recall the phases of an APT attack: Recon is not a passive activity. The attacker gets to shape the decision space to deceive the victim, and the recon phase is where that shaping happens. In the first story, Networkworld reports on a penetration test in which the researchers created a false social media presence for a non-existent pretty young woman. In Fake social media ID duped security-aware IT guys, the work of Aamir Lakhani, a [...]

November 1st, 2013 | SP Guard, spear phishing