Spearphishers Rob Russian Banks
Kaspersky has uncovered a cyberattack that is being used to rob Russian banks. The attack is being called "well planned and executed" in the press. The attack is a model of deception -- the core of spearphishing. Deception is not a computer science concept; deception is a concept of human cognition. Spearphishing is deception perpetrated with computers. Attackers know that people open email based on perceived relevance, urgency clues and habit. In this case, the attackers knew that bank employees would perceive emails from FinCERT, the Russian banking regulator, as relevant and urgent, and would, as a matter of habit, open [...]