Today Iconix released a new whitepaper entitled "Deploying Deception Sensors in APT Defense." After infiltrating systems, APT actors are hard to find. This lets them do their dirty work for a long time. Mandiant provides this guidance: detection and remediation are important; however, prevention is better. In this whitepaper Iconix discusses how targets of APT attacks can deploy sensors that help detect APT attacks during the attack phase instead of long after the attackers have infiltrated systems. Download the whitepaper here.
Nextgov is reporting on an Inspector General's report regarding the Nuclear Regulatory Commission (NRC). Nextgov obtained the report under the Freedom of Information Act. The NRC has oversight over nuclear plants in the US, including the inventories of weapons-grade materials. According to Nextgov, over the last three years the NRC was breached three times by deceptive emails. In one incident, about 215 employees received emails which sought to harvest credentials. About a dozen people followed the malicious link to the credential harvesting site. Whether credentials were stolen or used is unknown; the NRC cleaned its systems in response to this attack. This attack [...]
Israel's advanced missile defense system, Iron Dome, has received substantial press coverage during the recent hostilities between Israel and Hamas.
(Image: Iron Dome Anti-Missile System)
Brian Krebs is reporting that security firm Cyber Engineering Services Inc. (CyberESI) has uncovered a massive theft of Iron Dome technical data from three defense contractors involved with the Iron Dome system. How did the bad guys get into the systems to steal this intellectual property? Spearphishing. The attackers used deceptive email as the infiltration phase of an Advanced Persistent Threat ("APT"). As Michael Assante, project lead for Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) [...]
Kaspersky and Symantec are each reporting on the Turla spy network. Turla targeted the governments and embassies of a number of former Eastern Bloc countries. Symantec concludes that this espionage has been taking place for at least FOUR YEARS! Unremarkably, the attacks overcame defenses by tricking users into introducing malware into their systems. From that point, the attackers escalate their rights and conduct espionage. What tricks did the attackers use to deceive users? Spearphishing and watering holes. As Verizon noted in their latest Data Breach Investigations Report, spearphishing has not become less pervasive; the bad guys have merely added watering [...]