National Cyber Security Awareness Month (NCSAM)

Today is the last day of National Cyber Security Awareness Month (NCSAM). We thought that the October 29, 2014, alert from ICS-CERT about the vulnerabilities of the US infrastructure highlighted both the complexity and simplicity of the problem. In Alert ICS-ALERT-14-281-01A ICS-CERT warns: ICS-CERT has identified a sophisticated malware campaign that has compromised numerous industrial control systems (ICSs) environments using a variant of the BlackEnergy malware. Analysis indicates that this campaign has been ongoing since at least 2011. Multiple companies working with ICS-CERT have identified the malware on Internet-connected human-machine interfaces (HMIs). How is this sophisticated malware introduced into industrial control systems? It [...]

2017-01-07T17:35:14-05:00October 31st, 2014|Cybersecurity - General, Phishing, SP Guard, spear phishing|

New App Note – Security Company

We have just published an app note which explains how a leading cybersecurity company improved its email communications and security using SP Guard. Before using SP Guard deceptive spearphishing emails were interfering with customer service email communications.  Using SP Guard to differentiate real emails from attacks, customer service and security were improved.  You can download the app note for free from our White Papers page.

2017-01-07T17:35:14-05:00October 29th, 2014|Consumers and Email, SP Guard, spear phishing|

JPMorgan Chase Braces for Spearphishing Attacks

Following the compromise of contact information such as names and email addresses for 76 million individual customers and 7 million small businesses, JPMorgan Chase is preparing for spearphishing attacks against its customers. . Followers of Iconix know what spearphishing is -- the bad guy sends an email that pretends to be from a trusted sender.  The recipient clicks a link or opens an attachment and bad things happen.  When that attack targets bank customers, the obvious bad thing is a compromise that will steal the victim's money from the compromised bank. Fox News reports a list of other bad things the bad [...]

2018-04-05T12:54:01-04:00October 10th, 2014|Consumers and Email, Iconix Truemark Service, Phishing|

FBI Director Discusses Cyber Attacks

On October 5, 2014, FBI Director James Comey discussed cyber espionage with Scott Pelley of CBS 60 Minutes. At 8:50 Director Comey discusses cyber security. Scott Pelley: What countries are attacking the United States as we sit here in cyberspace? James Comey: Well, I don't want to give you a complete list. But I can tell you the top of the list is the Chinese. As we have demonstrated with the charges we brought earlier this year against five members of the People's Liberation Army. They are extremely aggressive and widespread in their efforts to break into American systems to [...]

2017-01-07T17:35:14-05:00October 7th, 2014|Cybersecurity - General, SP Guard, spear phishing|

Are Next Generation Firewalls Dead?

Seculert is reporting on a simple technique that defeats sandbox protection. Seculert has identified Sazoora.B, a new version of the Sazoora.A Trojan. Among other things, what makes Sazoora.B new is that it waits 15 minutes before becoming active. The significance of this simple idea is that during this dormant phase the Trojan is undetectable.  TechTarget SearchSecurity elaborates on this delay feature: Many times, systems will delay delivering an email or connecting to a webpage until a file has successfully passed the sandbox. By delaying execution by, say, 15 minutes, the target's malware analysis potentially could time out and the malware [...]

2017-01-07T17:35:14-05:00October 1st, 2014|Cybersecurity - General, SP Guard, spear phishing|