Sun Tzu Explains Cyberwar 2,500 Years Ago

The US Government does a very good job of technically securing its systems. There is rarely a report of attackers compromising US Government computers through technical exploits. So, how do attackers do it? A recent report in The Hill describes how Chinese and Russian cyberwarriors are using the same tactics to cyberattack the United States Government. What are these common tactics? Spearphishing emails. Why would two adversaries adopt identical tactics? About 2,500 years ago Sun Tzu, the Chinese general, strategist and tactician, wrote what is considered by many to be the definitive work on military strategy and tactics -- the Art of [...]

2017-01-07T17:35:10-05:00August 28th, 2015|Cybersecurity - General, SP Guard, spear phishing|

Phishers Steal $100 Million

Federal authorities have shut down a ring of hackers who used techniques such as phishing to infiltrate newswire services to gain access to corporate press releases. Homeland Security Secretary Jeh Johnson briefs the press, flanked by U.S. Attorney Paul Fishman and SEC Chair Mary Jo White. The indictment alleges how the hackers users used phishing to infiltrate the newswire services and how they used anti-forensics to evade detection for five years. Using these press releases, the criminals were able to quickly place trades before the public had access to the information. For example, the SEC alleges: At times, the hackers and traders [...]

2017-01-07T17:35:10-05:00August 12th, 2015|Cybersecurity - General, Phishing, SP Guard, spear phishing|

Pentagon Spearphished

The Pentagon has been infiltrated by a spearphishing attack that targeted the Joint Chiefs. CNN is reporting that the unclassified email system used by 4,000 users on the Defense Department network has been down for more than 10 days following a sophisticated cyber attack that used spearphishing to compromise the system.  Sources suspect that the attack came from China or Russia and are pointing the finger at Russia because of details of the attack that differ from typical Chinese attacks. Quoting CNN: All of the required cyber protection and patches were in place, but the attack still was able to [...]

2017-01-07T17:35:10-05:00August 7th, 2015|Cybersecurity - General, SP Guard, spear phishing|