Spearphishing and Cyberterrorism

Writing in TechCrunch, Tom Chapman, director of cyber operations of Edgewave, describes how terrorists can apply the same techniques used against Anthem, Sony and many others to engage in cyberterrorism. What could these techniques be? Spearphishing. Chapman writes: As groups like ISIS become more tech-savvy and recruit members from Western countries, they will gain the ability to conduct effective spear-phishing attacks. What they will attempt to do inside corporate or government systems is hard to say. Hacking the controls for nuclear power plants, traffic systems and other vital infrastructure after a spear-phishing breach requires significant skill, but that skill level [...]

March 27th, 2015 | Cybersecurity - General, SP Guard, spear phishing

11 Million Health Records Compromised With Deceptive Spelling

Premera, a leading health insurance company, has suffered a cyber breach impacting 11 million people. The company's announcement says it has been the victim of a "sophisticated cyberattack." What could this sophisticated attack have been? We turn to Brian Krebs to give us the details. The sophistication of this attack was not computer science; it was psychology. The attackers applied principles of deception to trick users into compromising their systems. In this case, the deception consisted of sending targeted emails to employees in which the double letter "n" was substituted for the letter "m", thereby displaying "prennera.com" instead of "premera.com". This [...]

March 18th, 2015 | Cybersecurity - General, SP Guard, spear phishing

New White Paper – Spearphishing Countermeasures

We have released a new white paper entitled "Spearphishing Defense Using Deception Countermeasures." This paper discusses how technical defenses (such as email filtering, malware detection, firewalls, limited user privileges, and system monitoring) leave systems unnecessarily exposed to phishing attacks because the human attack surface remains easily accessible and subject to successful attacks based on principles of psychology which are exploited using military deception. We propose deception countermeasures which modify the email interface, thereby making the user less susceptible to email-based deception. You will find the paper on our White Papers page.

March 17th, 2015 | Cybersecurity - General, SP Guard, spear phishing

Spoofing the Boss Cybercrime

Brian Krebs, writing in KrebsOnSecurity, describes a scam in which criminals use email to impersonate company executives. The thieves use fake emails to issue bogus payment instructions to finance and accounting staff. This is one example cited in "Spoofing the Boss Turns Thieves a Tidy Profit": In February, con artists made off with a whopping $17.2 million from one of Omaha, Nebraska’s oldest companies — The Scoular Co., an employee-owned commodities trader. According to Omaha.com, an executive with the 800-employee company wired the money in installments last summer to a bank in China after receiving emails ordering him to do so. Wells [...]

March 13th, 2015 | Cybersecurity - General, SP Guard, spear phishing