Cyberespionage Expands

Verizon has just release their 2014 Data Breach Investigations Report. Figure 6 shows the rapid growth of cyberespionage: Figure 61 shows a decline in spearphishing from 95% to 78%. So, what's happening?  Is spearphishing on the way out?  Hardly.  Verizon writes: It’s interesting that, while the array of tools is diverse, the basic methods of gaining access to a victim’s environment are not. The most prolific is the old faithful: spear phishing. We (and others) have covered this ad nauseam in prior reports, but for both of you who have somehow missed it, here goes: A well-crafted and personally/professionally-relevant email is sent to a targeted user(s), prompting [...]

2017-01-07T17:35:15+00:00April 25th, 2014|SP Guard, spear phishing|

FireEye Releases 2014 M-Trends Report

FireEye has released the 2014 edition of the M-Trends report.  If you care about APT, you should read this report. If you don't care about APT, you should read this report -- then you will care about APT.  Spearphishing dominates the report as the infiltration means of choice. There are two graphics from the report which emphasize a point we made in Time - It's on the Attackers' Side. Time On Target Time To Compromise   The lesson here is to deny time on target by interrupting the kill chain as early as possible. SP Guard disrupts the [...]

2017-01-07T17:35:15+00:00April 17th, 2014|SP Guard, spear phishing|

What’s A Logo Worth?

With all the attention of hacking and malware and badguys, we sometime lose sight of the branding side of Iconix, our Truemark service. The core issue in branding emails and identifying trusted emails is the same -- reliable identification of the source of the message. In our SP Guard security offering, knowing who sent the email helps recipients avoid being taking in by deception.  In the Truemark service, we put senders' logos in the inbox to extend consumers' engagement with the brands they love. How valuable is a brand?  Do consumers really care about brands?  From a fascinating infographic by [...]

2017-01-07T17:35:15+00:00April 15th, 2014|Consumers and Email, Iconix Truemark Service|

Targeted Attacks Up 91% in 2013 – Symantec

Symantec has released their 2014 Internet Security Threat Report. Some of the key findings: 91% increase in targeted attacks campaigns in 2013 62% increase in the number of breaches in 2013 Over 552M identities were exposed via breaches in 2013 23 zero-day vulnerabilities discovered 1 in 392 emails contain a phishing attacks This Symantec infographic is particularly revealing:     The attackers have modified their attack methodology to stay below the radar.  How can you defend against spearphishing when the attackers are creating fewer forensic artifacts?   You can implement a defense that works at the point of the attack - [...]

2017-01-07T17:35:15+00:00April 11th, 2014|Cybersecurity - General, SP Guard, spear phishing|

Somebody Hacked My Car!

Cyber attackers covet credentials -- with user credentials the hacker becomes the user. What happens when your car is a computer?  The Tesla S is a mobile computer.     Owners are provided with an app that lets them locate their car and open it. Nitesh Dhanjani, a corporate security consultant, recently discovered that the tried and true methods of hacking which steal credentials for computers (think -- phishing) work to steal credentials for cars.  He reported his findings at a recent Black Hat conference in Singapore: If a password is stolen or cracked, someone could locate and gain access [...]

2017-01-07T17:35:15+00:00April 4th, 2014|Cybersecurity - General, Phishing|