The Office of the Director of National Intelligence (ODNI) recently released a new Cyber Threat Framework. Our commentary regarding the ODNI's framework was just published by the Small Wars Journal. You can download a pdf version from our website.
Yesterday the Department of Homeland Security issued an alert entitled, Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors. The alert warns about how the Russians are seeking to interfere with critical U.S. infrastructure using cyber tools. How bad is the problem? This is a screen shot reconstruction of Russians gaining unauthorized access to an industrial control system. DHS used Lockheed's 7-Stage Cyber Kill Chain framework to describe the details of the Russian threat. Reconnaissance. The Russians researched their targets for information to use in spearphishing emails. There were two classes of targets. There are "staging targets" which were [...]
With all the press about phishing and hacking and social engineering, you have to ask, "Why Do People Phish?" Certainly state actors like Russia and North Korea have political objectives. But they aren't after me. Why do people phish average businesses and people? A recent prosecution in Virginia makes it clear why people phish -- it's the money! Yesterday (March 6, 2018), Olajide Abraham Eyitayo of Hempstead, NY, pleaded guilty to stealing more than $1.1 in a phishing scam. The particular scam he used was what the FBI calls a Business Email Compromise. The FBI describes the scam: The schemers [...]
The Associated Press reports that the FBI failed to warn government officials who were being targeted by Russian spearphishing attacks. One wonders what such a warning would say. The FBI could revise the common warning, "Don't open suspicious emails." to "You are the target of an attack, don't open suspicious emails from Russians." Of course, a hallmark of Russian attacks is that they are well-crafted to be non-suspicious. Such warnings offer little assistance in actually performing the task of spotting deceptive Russian emails. SP Guard helps users avoid deceptive emails.
New research from Google, U.C. Berkeley and International Computer Science Institute made this stunning finding: We find victims of phishing are 400x more likely to be successfully hijacked compared to a random Google user. In comparison, this rate falls to 10x for data breach victims and roughly 40x for keylogger victims. This just examined one problem -- stolen credentials. Now consider how this applies to installing ransomware and malware, abuse of native processes, human misdirection of files (such as sending payroll tax returns in response to phishing) and the Business Email Compromise. Interestingly, the researchers do not ask why phishing [...]
On October 16, 2017, the Department of Homeland Security issued Binding Operational Directive BOD-18-01 directing federal agencies to adopt new cybersecurity measures. One of these measures, DMARC, is intended to fight phishing. It is good to see the government addressing spearphishing. However, this measure will quickly prove to be ineffective against spearphishing attacks. Why? Because, as the DMARC specification tells us, …DMARC can only be used to combat specific forms of exact-domain spoofing directly… DMARC does not attempt to solve all problems with spoofed or otherwise fraudulent email. In particular, it does not address the use of visually similar domain names ("cousin [...]
As we noted yesterday, Jimmy Kimmell poked fun at the President's Homeland Security Advisor for opening and responding to a spam email. But is it really so unusual to interact with spam? Today we filed our annual insurance audit. Where's my important confirmation from the insurance company? Or, there it is -- in my spam folder! Luckily, I use SP Guard. I have no concerns about this being a dangerous email because SP Guard identifies it as a real email from Hartford Insurance.
As reported by CNN and others, a UK prankster was able to trick Tom Bossert, the White House DHS Advisor, and Anthony Scaramucci, the then White House Communications Director. The prankster sent Bossert an email pretending to be Jared Kushner. The prank email to Scaramucci pretended to be from former Chief of Staff Reince Priebus. This is from the Kushner-Bossert email thread: Jimmy Kimmel, the ABC TV late night host, noted that the email said, "SUSPECTED_SPAM," yet Bossert took the bait. Bossert's actions show the deceptive power of a well-crafted email. The prankster used facts that he discovered about Bossert [...]
The Hacker News is reporting on a spearphishing attack that has compromised over 1 million people. How could this happen? Over one million users use the popular chrome extension "Web Developer." The bad guys spearphished the developer of "Web Developer" and then used the access they gained from spearphishing to modify "Web Developer" and push the modified code to over 1 million users. The malicious version of "Web Developer" turned the victim's web browser into an advertising nightmare by injecting ads on web pages. It took several hours for the real developer of "Web Developer" to correct the problem and issue [...]
Marcus Hutchins is the 23 year old cybersecurity researcher who is credited with finding the killswitch to the WannaCry ransomware attack. Marcus Hutchins He was arrested yesterday (August 2, 2017) at the airport when he was preparing to leave the U.S. after attending the DefCon hacking conference in Las Vegas. His arrest is reported on Motherboard. The July 11, 2017, Indictment alleges that Hutchins was involved with the Kronos banking trojan. Of course, Kronos malware can only do evil if it is installed on the target systems. Like so much malicious software, Kronos is installed through phishing email [...]