19 Amazing Hacks

We thought we would end the year looking beyond the world of APT and spearphishing. Chris Poulin of IBM has assembled a list of 19 hacks that will keep you up nights. Hacks of pacemakers, yachts, ATMs, insulin pumps and our favorite -- cars. In "Comprehensive Experimental Analyses of Automotive Attack Surfaces" the researchers discuss how: "We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft." From Comprehensive Experimental Analyses of Automotive Attack Surfaces, this is [...]

2017-01-07T17:35:17-05:00 | December 31st, 2013 | Uncategorized

Samsung Knox – Knocked by Security Researchers

Virtualization is an important development in the fight against malware. In virtualization, activities are isolated from one another in "containers" so that if an activity is evil, the evil is isolated to that container. This security approach is also known as sandboxing. In another demonstration of the important cybersecurity maxim of Dr. Frederick Chang, former NSA Director of Research: "… cybersecurity is fundamentally about an adversarial engagement. Humans must defend machines that are attacked by other humans using machines." the humans at Samsung developed Knox as a way to segregate processes into containers on secure cell phones. By segregating processes, bad [...]

2017-01-07T17:35:17-05:00 | December 25th, 2013 | SP Guard, spear phishing

Advanced Persistent Threats – Human Factors Based Defense

Iconix has just released a new whitepaper, Advanced Persistent Threats - Human Factors Based Defense. In this new whitepaper we discuss how to defend against email-based attacks. The NSA recently described the use of emails to infiltrate computers on 60 Minutes on December 15, 2013. You can watch this discussion, starting at 5 minutes, 30 seconds: NSA Discusses Spearphishing on 60 Minutes. You can download Advanced Persistent Threats - Human Factors Based Defense for no charge from the White Papers page on our website.

2017-01-07T17:35:17-05:00 | December 18th, 2013 | SP Guard, spear phishing

FireEye Discusses “Toxic Trickle”

In a December 13, 2013, blog posting, "Letting The Wrong Ones In: Email Security’s Big Blind Spot", Tim Ricketts of FireEye discusses the key deficiency of spam filters -- they are ineffective against extremely low-volume, highly targeted emails. At Iconix, we call this the Toxic Trickle. The blog is an excellent discussion of the spearphishing phase of the APT problem. It concludes: "And that’s the problem. A person-to-person email doesn’t have spam or bulk phishing characteristics. Any malicious payload is likely to be a weaponized document or a common file type that attachment filters allow through. And URLs contained in [...]

2017-01-07T17:35:18-05:00 | December 17th, 2013 | SP Guard, spear phishing

Top Ten Advanced Threats

Proofpoint recently posted its Ten Most Dangerous - Discover the Top Ten Advanced Threats Impacting Business Today. Number 1 was the media spearphish attack which compromised the Associated Press Twitter account, causing $150 billion in stock market decline. Proofpoint shows us spearphishing's devastating effectiveness: This is like an email marketing conversion funnel, only this conversion funnel is evil. By reducing the 70% open rate of this funnel, the downstream damage can be mitigated. How can this conversion rate be reduced? By reducing the power of deception used in these attacks. In the AP case, the victim thought the malicious [...]

2017-01-07T17:35:18-05:00 | December 5th, 2013 | SP Guard, spear phishing