Your Bleeped Up Brain

The cable TV channel H2 is running a mini-series on the human mind - Your Bleeped Up Brain. The series is truly fascinating.  While we think our heads contain a highly precise computer, it turns out that the ball of matter inside our heads is good at navigating life, but not very good at discerning fine details out of a complex environment. For those us of in the cybersecurity world, the last episode - Deception - is particularly interesting.  In Deception, the show presents several examples of how the brain takes incomplete or inaccurate information and completes the story to [...]

2017-01-07T17:35:19+00:00 August 6th, 2013|Iconix Truemark Service, Phishing, SP Guard, spear phishing|

Spearphishing – The Movie

Eric Fiterman of Rogue Networks/Methodvue demonstrates how to construct a malicious email that effectively impersonates President Obama. Using malware delivered in an attachment, Fiterman takes control of the recipient’s computer. Watch as he steals passwords, searches for files and even takes a picture of his victim using the computer’s camera.   What permits Fiterman to infiltrate this computer?  The recipient can't distinguish a real email from the President from a fake email from the President.  People need to know if an email is really from the President. They need to know if an email is really from a co-worker.  SP Guard from Iconix [...]

2017-01-07T17:35:24+00:00 March 15th, 2012|SP Guard, spear phishing|

Check Your Spam?

As we noted yesterday, Jimmy Kimmell poked fun at the President's Homeland Security Advisor for opening and responding to a spam email.  But is it really so unusual to interact with spam?  Today we filed our annual insurance audit.  Where's my important confirmation from the insurance company?  Or, there it is -- in my spam folder! Luckily, I use SP Guard.  I have no concerns about this being a dangerous email because SP Guard identifies it as a real email from Hartford Insurance.

2017-08-10T15:47:23+00:00 August 10th, 2017|Cybersecurity - General, Phishing, SP Guard, spear phishing|

Spearphishing “Prank” Fools White House Officials

As reported by CNN and others, a UK prankster was able to trick Tom Bossert, the White House DHS Advisor, and Anthony Scaramucci, the then White House Communications Director. The prankster sent Bossert an email pretending to be Jared Kushner. The prank email to Scaramucci pretended to be from former Chief of Staff Reince Priebus. This is from the Kushner-Bossert email thread: Jimmy Kimmel, the ABC TV late night host, noted that the email said, "SUSPECTED_SPAM," yet Bossert took the bait. Bossert's actions show the deceptive power of a well-crafted email. The prankster used facts that he discovered about Bossert [...]

2017-09-06T09:25:40+00:00 August 8th, 2017|Cybersecurity - General, Phishing, spear phishing|

Phish One – Compromise One Million

The  Hacker News is reporting on a spearphishing attack that has compromised over 1 million people. How could this happen?  Over one million users use the popular chrome extension "Web Developer." The bad guys spearphished the developer of "Web Developer" and then used the access they gained from spearphishing to modify "Web Developer" and push the modified code to over 1 million users.  The malicious version of "Web Developer" turned the victim's web browser into an advertising nightmare by injecting ads on web pages.  It took several hours for the real developer of "Web Developer" to correct the problem and issue [...]

2017-08-04T13:52:20+00:00 August 4th, 2017|Cybersecurity - General, Phishing, SP Guard, spear phishing|

WannaCry Hero Arrested

Marcus Hutchins is the 23 year old cybersecurity researcher who is credited with finding the killswitch to the WannaCry ransomware attack. Marcus Hutchins He was arrested yesterday (August 2, 2017) at the airport when he was preparing to leave the U.S. after attending the DefCon hacking conference in Las Vegas.  His arrest is reported on Motherboard. The July 11, 2017,  Indictment alleges that Hutchins was involved with the Kronos banking trojan. Of course, Kronos malware can only do evil if it is installed on the target systems.  Like so much malicious software, Kronos is installed through phishing email [...]

2017-08-03T16:02:29+00:00 August 3rd, 2017|Cybersecurity - General, Phishing, SP Guard, spear phishing|

NY Supreme Court Justice Lost Over $1 Million in Email Scam

The New York Daily News is reporting that Acting State Supreme Court Justice Lori Sattler was the victim of an email scam while trying to sell her apartment and buy another.     Justice Sattler The press report says that a person posing as the Justice's lawyer sent her an email with payment instructions. Believing the email came from her lawyer, the justice wired $1,057,500 to the account specified in the email. The money was then transferred to Commerce Bank of China. The Justice was the victim of a crime of deception perpetrated using email.  This crime relied on the fact that [...]

2017-06-22T08:54:10+00:00 June 22nd, 2017|Cybersecurity - General, Phishing, SP Guard, spear phishing|

US Election Hacking

The Intercept_ is reporting about Russian hacking of the presidential election, citing a document that may have been obtained from the NSA. This graphic provides an overview of the Russian cyberattack methodology: This graphic reveals the true nature of a spearphishing cyberattack  - the target of these attacks is human cognition, computers are merely the means to convey the deception. How do you defend human cognition against deception? With a tool that reveals the deception. That is what SP Guard does.

2017-06-06T15:46:07+00:00 June 6th, 2017|Cybersecurity - General, SP Guard, spear phishing|

Ransomware Engulfs Internet

Cyberspace around the world has fallen victim to a massive ransomware attack. How could such a thing happen? New Scientist sums it up: The first computers were infected by people unwittingly clicking links in phishing emails. But from each patient zero the software then spread through computer networks by itself. Once installed on a machine, the malware encrypted all of the files it could find, locking them away from users. SP Guard helps protect against ransomware by unmasking phishing emails. With SP Guard, users can spot and report attack emails instead of becoming victims.

2017-05-15T09:05:23+00:00 May 15th, 2017|Cybersecurity - General, Phishing, SP Guard, spear phishing|

Massive Google Docs Phishing Attack Sweeps Internet Today

A large scale phishing attack using a google docs exploit rapidly spread across the internet today. Google Docs Phishing Email You can learn about the data processing aspects of this attack. It has been reported in the The Wall Street Journal, The Verge, The New York Times, and many other sources. What about the human aspects of this problem?  Why did people open these emails?  Why do people open any emails? Prof. Arun Vishwanath, in Why Do People Get Phished,  established that people open emails as a matter of habit which is invoked in response to perceived relevance and [...]

2017-05-04T14:06:33+00:00 May 4th, 2017|Consumers and Email, Phishing, SP Guard, spear phishing|

Spearphisher Steals $100 Million from Google and Facebook

Google and Facebook were victims of a spearphishing scam in which the attacker stole $100 million. Paragraph 6 of the indictment details some of the allegations: ... as part of the scheme, fraudulent phishing emails were sent to employees and agents of the Victim Companies. The emails purported to be from employees and agents of Company‑1 [the real supplier], but in truth and in fact, they were not sent or authorized by employees or agents of Company‑1. The fraudulent emails were sent from email accounts that were designed to create the false appearance that they were sent by employees and agents [...]

2017-04-28T15:11:05+00:00 April 28th, 2017|Iconix Truemark Service, Phishing, SP Guard, spear phishing|

City of Newark Hit With Ransomware

According to TAPintoNewark, the online newspaper in Newark, Jersey, someone is shaking down the City of Newark for 24 Bitcoin (about $30,000) in a ransomware attack. How did this happen?  TAPintoNewark explains: The RSA-2048 maleware typically infects a user's computer when they are tricked into running an attachment in a spam email. Once the maleware is launched, it encrypts files and requires a "private key" to open them. The private key is only provided after the user pays the ransom. Why would a user open an evil email and then run an evil attachment?  Because the email is a carefully crafted work [...]

2017-04-27T15:37:06+00:00 April 26th, 2017|Cybersecurity - General, SP Guard, spear phishing|