News You Can Use – For Evil

FireEye researchers have observed numerous spearphishing attacks that use news about the disappearance of Malaysian Flight MH 370 as bait. While FireEye is focused on the malware that is being delivered, at Iconix we are focused on the method being used to deliver the malware: spearphishing. In each case reported by FireEye, the bad guys have exploited interest in Malaysian Flight MH 370 to deceive the email recipient into compromising his system. The deceptive email contains an equally deceptive payload which installs malware on the victim's system. The spearphishing attacker researches his targets to create powerful urgency [...]

March 26th, 2014 | SP Guard, spear phishing

Hacking Contest Demonstrates Sandboxing Limitations

On March 12, 2014, the annual HP-sponsored Pwn2Own hacking competition took place at the CanSecWest security conference in Vancouver, British Columbia. During the two-day hacking event, 35 exploits were used to launch 12 successful attacks. A major theme of the exploits was the limitation of sandboxing technology. Search Security reported: Sandboxing isn't a security cure-all, Dormann [Will Dormann, vulnerability analyst with the Carnegie Mellon University Software Engineering Institute's CERT Division] said, but a sandbox does significantly increase the difficulty of crafting a successful exploit... "Nobody is using software that is flawless. If you have a significantly motivated attacker, they are probably [...]

March 19th, 2014 | Cybersecurity - General, SP Guard, spear phishing

Human Sensors

George Grachis, CISA, CISSP, is the Information Systems Security Manager (ISSM) for Satcom Direct, a global leader in satellite communications for air, land and sea. He is also a Board member of ISSA, ISACA, InfraGard and the Space Coast Technology Council's Cyber Committee. His recent article in Computerworld discusses the importance of including users as part of the security perimeter. Mr. Grachis observes: . . . we have new and better technology that keeps getting exploited. Microsoft, Adobe, Apple and now Android are slinging out patch after patch. Attacks still include hacktivism, cyber espionage, cyber-crime, and cyber warfare. Oh, now we [...]

March 14th, 2014 | SP Guard, spear phishing

Ukraine Cyberwar Exposes a Snake

There is now an extensive cyberwar taking place between Russia and Ukraine. Cyber security researchers at GData and BAE Systems have discovered a piece of malware which appears to have originated in Russia and is now being used against Ukraine. The malware has been designated "Uroburos" by GData. Uroburos is a mythical snake or dragon which is eating its own tail. The same code is called "Snake" by BAE Systems. This graphic from BAE Systems shows the targets of Uroburos: GData released its initial report on March 3, 2014. GData released a follow-up report on March 7, 2014. [...]

March 11th, 2014 | SP Guard, spear phishing

How Hackers Defeat Email Defenses

Mark Sparshott, Proofpoint's executive director, recently spoke at Computing's IT Leaders' Forum event in London. Sparshott said that cybercriminals use clever psychological tricks to entice users to interact with malicious emails - spearphishing. All these attacks leverage clever techniques to bypass traditional reputation and content-based checking at the time of delivery. Once in the inbox, they leverage an understanding of how humans work to make them click the link, where the payloads that attack the system flaws on the device the user is browsing from occur. . .  At the time the email is delivered, the email, and the sites [...]

March 7th, 2014 | SP Guard, spear phishing

RSA 2014 – Big Data?

We attended RSA 2014. Big Data was a big theme. Collect everything and find anomalies. The pitch -- our solution collects more and finds anomalies faster. Standing out from the big data big noise was the keynote of Hewlett-Packard's Senior Vice President Art Gilliland, who explained that the best bang for the security buck was found in the human factors - security training and processes. Walking the floor we saw one solution that implemented this theme. All the big data guys offer a DLP solution that will find all the mistakes that people make using outbound email. Errors like sending sensitive [...]

March 3rd, 2014 | Cybersecurity - General, SP Guard, spear phishing