Monthly Archives: May 2014

RSA Conference Hacked by Syrian Electronic Army

In March of this year, the RSA Conference was held in San Francisco. During that conference, security expert Ira Winkler belittled the hacking skills of the Syrian Electronic Army (SEA) and called them “the cockroaches of the Internet.”

Brian Krebs is now reporting that soon after Winkler’s comments were posted online, the SEA commandeered the RSA Conference website.


How did they do it? They determined that the RSA Conference website was hosted by a third-party provider which used an analytics package called “Lucky Orange.” Lucky Orange communicates with a server hosted by codero.com. The SEA spearphished employees of codero.com by impersonating the CEO of the service. Through the spearphishing ruse, a person in the hosting organization was tricked into compromising his credentials. With the credentials in hand, the SEA changed the DNS records, which permitted the SEA to deface the RSA Conference site.

In a cruelly ironic twist, the CEO of Codero observed that the techniques used by the SEA were outlined in Winkler’s presentation.

Bad guys frequently gain their initial toe-hold using spearphishing.  Spearphishing is an easy and highly reliable way to compromise systems by deceiving people into making bad email decisions. In the Iconix system, employees use SP Guard to make better email processing decisions.  Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at 408-727-6342, ext. 3 or use our online form.


eBay Breach — How?

If you have an eBay account, you have probably been notified that eBay has been breached and you should change your passwords.


How could this have happened? The bad guys used their favorite tool — spearphishing. In an interview with USA Today, JD Sherry, vice president for technology and solutions for Trend Micro, a computer security firm, said that it is likely the attackers used spearphishing to steal the data.

“It’s extremely stealthy,” Sherry says. “These are carefully crafted slow and low attacks that try not to tip off corporate computer security.” Such breaches can remain undetected for months, allowing hackers to collect massive amounts of data.

How can users avoid being tricked by the spearphishers? Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.


Chinese Cyberspies Indicted

Yesterday, U.S. Attorney General Eric Holder announced the indictment of five Chinese military officers accused of committing economic cyber espionage against the United States.


You can download the indictment here.


The indictment describes what “hacking” means in the context of Chinese cyber espionage:

[Image: excerpt from the indictment]

The indictment continues by providing details of the anti-forensic tactics used by the accused to evade detection.

Your personnel will receive deceptive emails.  Your security hangs in the balance when an employee decides to click a link or open an attachment.  Telling employees to avoid suspicious emails is good advice.  The attackers use this same guidance — that is why cyberattackers use social engineering to craft emails that are not suspicious. IT must intervene in the email processing decision.  That is the role of SP Guard.  Using SP Guard, IT can determine a list of trusted senders and provide this information to staff at the moment the person is deciding to click or pass.  In the SP Guard environment, staff can, for example, easily distinguish a trusted HR email from a spoof HR email.


Cyber Security – An Engagement Between People

We recently attended a fascinating webinar presented by the cybersecurity experts at Mandiant, a FireEye company.


The webinar, entitled Tools of Engagement – Zero Dark 243 Days, presented real-world examples of the important cybersecurity maxim of Dr. Frederick Chang, former NSA Director of Research:

… cybersecurity is fundamentally about an adversarial engagement. Humans must defend machines that are attacked by other humans using machines.

It was interesting to hear the Mandiant experts describe how, after determining they were being attacked, the defenders were able to use information gleaned from the spearphishing attack to identify the attack command and control infrastructure.  Of course, the first step was identifying the spearphishing attack. Having identified the command and control infrastructure, the defenders were then able to thwart the attack. When asked about the role of big data in cyberdefense, the Mandiant experts said that massive amounts of data were less useful than specific knowledge of the means and methods used by the attackers. You can hear them discuss big data starting at 58:00 in the webinar.

Your people can be part of the early warning system by using SP Guard to make them effective human sensors.
