India Cyberattacks Pakistan — Using Spearphishing

A recent article posted at techviral describes how Indian cyberattackers are using spearphishing to attack Pakistani and UAE websites. The post discusses how the Indian hacking groups called the Shakti Campaign and the VVV use deceptive emails to gain control of targeted computers. It's a fact pattern we have seen many times before.  The victim receives a deceptive email pretending to be from a trusted source. The victim clicks a link or opens an attachment, launching a sequence of events that gives system access to the attacker. The crucial step in these attacks is the user's intervention -- the user must be deceived [...]

2015-11-24T09:57:13-05:00November 24th, 2015|Cybersecurity - General, SP Guard, spear phishing|

Bad Guys Are Smart

On November 10, 2015, the Justice Department announced the indictment of four men for a "hacking," securities fraud, and other crimes. In announcing the indictments, Manhattan U.S. Attorney Preet Bharara said, "The charged crimes showcase a brave new world of hacking for profit. It is no longer hacking merely for a quick payout, but hacking to support a diversified criminal conglomerate. This was hacking as a business model." The indictment alleges that the conspirators used servers in Egypt, the Czech Republic, South Africa, Brazil and other countries as a launchpad to attack some of the largest financial firms based in [...]

2017-01-07T17:35:09-05:00November 13th, 2015|Cybersecurity - General|

Spearphishing Solution – Prosecute Victims

In a recent Wall Street Journal interview, Adm. Mike Rogers, the Director of the NSA, suggested that people who fall for spearphishing attacks, such as the four people who compromised the Joint Staff, should be subject to court-martial. He drew this analogy: If someone had said to me, “Hey, it’s lonely on post. It’s the middle of the night out in the middle of nowhere. I just pulled my gun out because I wanted to quick draw,” we would never accept that. So why are we willing to accept this kind of behavior in the cyberworld? The problem with this [...]

2017-01-07T17:35:10-05:00November 2nd, 2015|Cybersecurity - General, SP Guard, spear phishing|